Let’s Encrypt – How do I Cron?

Let’s Encrypt was really easy to set up, but Cron was less so. I kept getting emails that the Let’s Encrypt renewal was failing:

2017-03-09 02:51:02,285:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/bbbburns.com.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(). Skipping.
1 renew failure(s), 0 parse failure(s)

I had a cron job set up with the absolute bare minimum:

crontab -e
56 02 * * * /usr/bin/letsencrypt renew >> /var/log/le-renew.log

When I ran
/usr/bin/letsencrypt renew
at the command line, everything worked just fine. I was like, “Oh – this must be some stupid cron thing that I used to know, but never remember.”

Turns out the problem was the cron environment PATH variable. Cron didn’t have access to /usr/sbin and apparently certbot was using that for access to the apache2 binary. The fix was to change the cron to the following:

56 02 * * * /root/le-renew.sh

Then create a script that runs the renewal after the PATH variable is set correctly:

cat /root/le-renew.sh
#!/bin/bash
#Automate the LE renewal process

#Need /usr/sbin for apache2
# https://github.com/certbot/certbot/issues/1833
export PATH=$PATH:/usr/sbin

#Renew the certs and log the results
/usr/bin/letsencrypt renew >> /var/log/le-renew.log

It was a good thing I put the link to the problem right in the script, or I never would have been able to find it again to write this blog.

NOW my renewal works absolutely fine. Problem solved. Thanks Cron.
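
To see ahead of time which binaries a cron job will fail to find, the PATH difference described above can be checked with a script. This is an added example, not part of the original post; the function names and the temporary directory layout are constructed for illustration, and the cron PATH in the last comment is an assumption.

```shell
#!/bin/sh
# Added example: find binaries a cron job will not be able to resolve.

# resolves_under PATH_VALUE BINARY
# Exit 0 if BINARY is found when PATH is exactly PATH_VALUE and the rest of
# the environment is empty (env -i), similar to how cron starts a job.
resolves_under() {
    env -i PATH="$1" /bin/sh -c 'command -v "$1" >/dev/null 2>&1' sh "$2"
}

# cron_path_gaps CRON_PATH FULL_PATH BINARY...
# Print each BINARY that resolves under FULL_PATH but not under CRON_PATH.
cron_path_gaps() {
    cron_path=$1
    full_path=$2
    shift 2
    for bin in "$@"; do
        if resolves_under "$full_path" "$bin" &&
           ! resolves_under "$cron_path" "$bin"; then
            printf '%s\n' "$bin"
        fi
    done
}

# Constructed sample layout: a fake letsencrypt in usr/bin and a fake
# apache2 in usr/sbin, mirroring the situation in the post.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/sbin"
    for f in usr/bin/letsencrypt usr/sbin/apache2; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod +x "$root/$f"
    done
    cron_path_gaps "$root/usr/bin" "$root/usr/bin:$root/usr/sbin" \
        letsencrypt apache2
    rm -rf "$root"
}

# On a real host (assumption: cron's PATH is /usr/bin:/bin; check your cron):
#   cron_path_gaps /usr/bin:/bin "$PATH:/usr/sbin" apache2
demo
```

Any name it prints is a binary that works at the command line but is missing from the job's PATH, which is the failure mode behind the NoInstallationError above.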