Why could not update the certificate?

Hello!

I have a cron job on Ubuntu 14.04 (Amazon EC2):

@daily /opt/certbot-auto certonly --webroot --noninteractive --agree-tos --quiet --email webmaster@compscicenter.ru -w /var/www -d compscicenter.ru -d www.compscicenter.ru --post-hook 'service nginx reload'

It worked like a charm since Jan 2017. I’ve realized that something goes wrong when my certificate has been expired.
All I did to fix the problem - I copied the command above and ran it manually to renew certificate.
Later I noticed that lost logs after 2 August, but now this is fixed, I see new log files in /var/log/letsencrypt/.

Can you help me to clarify why the certificate wasn’t updated and how to avoid this situation in the future? Maybe I should edit my cron job?
Thanks.
P.S. I’ve noticed update on 2 Aug. https://github.com/certbot/certbot/blob/master/CHANGELOG.md#0170---2017-08-02

Please fill out the fields below so we can help you better.

Note: you must provide your domain name to get help.

Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

ahaw021, hello

My domain is: compscicenter.ru

I ran this command: @daily /opt/certbot-auto certonly --webroot --noninteractive --agree-tos --quiet --email webmaster@compscicenter.ru -w /var/www -d compscicenter.ru -d www.compscicenter.ru --post-hook 'service nginx reload' (cron job, from root user)

It produced this output: -

My web server is (include version): nginx 1.12.1

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

hi @pacahon

it could be that certbot tried to update itself

I recommend that you add the --

I would also recommend you review the NGINX plugin instead of using webroot (you have port 443 open and are using NGINX)

https://certbot.eff.org/docs/using.html

--no-self-upgrade (certbot-auto only) prevent the certbot-auto script
from upgrading itself to newer released versions
(default: Upgrade automatically)

https://certbot.eff.org/docs/using.html#nginx

Andrei

@ahaw021 Thanks for the links. Am I understand right that if I need only to renew certificates (and it works fine now), no need to update certbot-auto to the newer versions?

I would keep an eye out on newer versions but manage the upgrade process manually (so it doesn’t interfere with the renewal)

Things to be aware of

A) Wildcard support (next year)
B) Fixes etc
C) API points may change.
D) Currently Certbot is on version on 0.19.0
E) You can review your version by using certbot --version

image

F) sometimes libraries such as argparse in python are updated which can break certbot and newer versions fix it.

I will write up some thoughts on updates and link you in on when done.

Andrei

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.