Let’s encrypt certificate auto renewal fails. Works manually. GCP. MODX

Keywords: MODX - Google Cloud Platform - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 80154843-8727-4629-71c3-6f7530d9f076
Description:
My Let’s Encrypt certificates didn’t auto renew, even though I used the Bitnami HTTPS Configuration Tool to get the certificate and create the renewal cron job.

I manually ran the cron job code that I found using “sudo crontab -u bitnami -l”, and the certificate was renewed.

Hi @tigco,

I’m not sure I understand. If the command from the cronjob is working, and the cronjob is configured correctly, it should work. Are you saying it didn’t get triggered?

Regards,
Michiel

Yes, exactly, it didn’t get triggered. Not sure why.

Hi @tigco,

Could you check if cron is running?

sudo status cron

Regards,
Michiel

“sudo status cron” failed for me with the “Command not found” error message.

I did the following, and it showed cron.
$ ps -ef | grep cron
root 467 1 0 Jul22 ? 00:00:11 /usr/sbin/cron -f

Hi @tigco,

To check if the cronjob (and cron) works, you could change the pattern so it executes each hour pipe the output to a file.

0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="EMAIL" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=DOMAIN renew > /tmp/lego-cron-output

Then you can check the output after an hour.

cat /tmp/lego-cron-output

Regards,
Michiel

My certificates failed to renew automatically again. I think I understand the problem better now, but I need advise regarding the best solution.

Cron is running for the root user.
modx-vm:~$ ps -ef | grep cron
root 460 1 0 May06 ? 00:00:35 /usr/sbin/cron -f

But the job is owned by another user.
modx-vm:~$ sudo crontab -u root -l
no crontab for root
modx-vm:~$ sudo crontab -u bitnami -l
0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt

Hi @tigco,

The renewal cronjob is configured for the bitnami user by default. Can you tell me the complete output of this command?

sudo crontab -u bitnami -l

To hide personal data, you can replace your actual domain name and email address with a placeholder.

Regards,
Michiel

Hi @michiel,

Here is the output
0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email=“email_placeholder” --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=domain_placeholder.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

thank you!

Hi @tibgco,
Can you share which is the output of running that command manually?

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="emailplaceholder_" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=domainplaceholder_.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

Using you domain and email.

Hi @michiel, did that output give any clues?

Hi @tigco,

Sorry for the misunderstanding. Can you run the following command?

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="emailplaceholder_" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=domainplaceholder_.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

Using your email and domain instead of the placeholders?

Regards,
Michiel

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.