Unable to Renew via Cron


#1

I thought I have setup the cron renew process correctly, but it doesn’t seem that way. I had this inputted in my cron, but it appears to be invalid. File not found.

/opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log 2>&1

Letsencrypt is located in ‘/etc/letsencrypt’, however, I do not see a letsencrypt-auto or certbot-auto from within.

What is the proper syntax to renew by cron? I am using this format to issue my certificate.

sudo letsencrypt certonly -a webroot --agree-tos --webroot-path=/home/user/www/letsencrypt -d domain.com -d www.domain.com


#2
find / -name letsencrypt-auto 2>/dev/null

In the end it doesn’t matter what type of Certbot you use.

You can download certbot-auto and make a cron job for certbot-auto renew , and it will be fully compatible with your existing renewal parameters in /etc/letsencrypt.


#3

What operating system and version are you running? Which instructions did you follow to install Certbot? If you follow the instructions at https://certbot.eff.org/ and there are packages available for your OS, they should automatically set up cron renewal. I would recommend trying to follow one of those, since it sounds like you may have a very old version of Certbot (formerly letsencrypt), and it would be good to get you on an automatically updating method.


#4

Yes, I am running an old version of certbot ver 0.10.2

I followed instructions to install letsencrypt from a blog post, I can’t remember the link.
My OS is Debian 9 Stretch running Nginx on a Raspberry Pi 3.

From this site, https://certbot.eff.org/ , it looks like there is a package. However, there are some side notes about some features aren’t available and the method I used to issue my certificates aren’t working as it should. I may have interrupted wrong?


#5

Update:
Tinkering with my current setting some more, I think I may have found my solution. Originally, I thought my certificate was eligible for renewal as of today, but it says ‘31’ and certbot will only renew certs below ‘30’ days.

I have now added this line to cron and it seems to be working.

certbot renew >> /var/log/le-renew.log 2>&1

The log had an output saying my certs are not due for renewal yet.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/domain1.com.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/domain2.com.conf
-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/domain1.com/fullchain.pem (skipped)
  /etc/letsencrypt/live/domain2.com/fullchain.pem (skipped)
No renewals were attempted.

I will re-run the cron again tomorrow and see if it will renew.


#6

You can choose to renew whenever you want, as long as you stay within the rate limits, but Certbot’s default is always 30 days before expiry, regardless of the number of days in a particular month.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.