Let’s encrypt certificate auto renewal fails. Works manually. GCP. MODX

tigco 2019-10-04 13:37:10 UTC #1

Keywords: MODX - Google Cloud Platform - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 80154843-8727-4629-71c3-6f7530d9f076
Description:
My Let's Encrypt certificates didn't auto renew, even though I used the Bitnami HTTPS Configuration Tool to get the certificate and create the renewal cron job.

I manually ran the cron job code that I found using "sudo crontab -u bitnami -l", and the certificate was renewed.

michiel 2019-10-07 08:30:41 UTC #2

Hi @tigco,

I'm not sure I understand. If the command from the cronjob is working, and the cronjob is configured correctly, it should work. Are you saying it didn't get triggered?

Regards,
Michiel

tigco 2019-10-10 09:15:43 UTC #3

Yes, exactly, it didn't get triggered. Not sure why.

michiel 2019-10-10 13:21:09 UTC #4

Hi @tigco,

Could you check if cron is running?

sudo status cron

Regards,
Michiel

tigco 2019-10-14 19:53:26 UTC #5

"sudo status cron" failed for me with the "Command not found" error message.

I did the following, and it showed cron.
$ ps -ef | grep cron
root 467 1 0 Jul22 ? 00:00:11 /usr/sbin/cron -f

michiel 2019-10-15 13:35:23 UTC #6

Hi @tigco,

To check if the cronjob (and cron) works, you could change the pattern so it executes each hour pipe the output to a file.

0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="EMAIL" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=DOMAIN renew > /tmp/lego-cron-output

Then you can check the output after an hour.

cat /tmp/lego-cron-output

Regards,
Michiel

tigco 2019-12-23 18:43:05 UTC #7

My certificates failed to renew automatically again. I think I understand the problem better now, but I need advise regarding the best solution.

Cron is running for the root user.
modx-vm:~$ ps -ef | grep cron
root 460 1 0 May06 ? 00:00:35 /usr/sbin/cron -f

But the job is owned by another user.
modx-vm:~$ sudo crontab -u root -l
no crontab for root
modx-vm:~$ sudo crontab -u bitnami -l
0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt

michiel 2019-12-24 09:00:25 UTC #8

Hi @tigco,

The renewal cronjob is configured for the bitnami user by default. Can you tell me the complete output of this command?

sudo crontab -u bitnami -l

To hide personal data, you can replace your actual domain name and email address with a placeholder.

Regards,
Michiel

tigco 2019-12-24 21:11:01 UTC #9

Hi @michiel,

Here is the output
0 0 1 * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="emailplaceholder_" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=domainplaceholder_.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

thank you!

miguelaeh 2019-12-26 16:09:36 UTC #10

Hi @tibgco,
Can you share which is the output of running that command manually?

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="emailplaceholder_" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=domainplaceholder_.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

Using you domain and email.

tigco 2019-12-30 17:24:38 UTC #11

Hi @michiel, did that output give any clues?

michiel 2019-12-31 09:59:30 UTC #12

Hi @tigco,

Sorry for the misunderstanding. Can you run the following command?

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="emailplaceholder_" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=domainplaceholder_.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful # bncert-autorenew

Using your email and domain instead of the placeholders?

Regards,
Michiel

system 2020-01-14 19:48:11 UTC #13

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!