letsencrypt/certbot systemd timer/service not working on Ubuntu 18.04

linux ubuntu systemd letsencrypt certbot
8,221

Solution 1

Certbot has its own service to renew things, you do not need no additional crontab lines. In theory.

Practically I've seed certbot.timer stopping seeming for no reason at all:

$ sudo systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
   Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
   Active: inactive (dead) since .....; 1 months 7 days ago

In that case restarting it helps:

sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer

The reason why it stops functioning is yet to be found.

Solution 2

Systemd services do not generate email notifications. Cron jobs do.

All of this indicates that your shown systemd units are not related to the problem (it's possible that they already work without problems) – but the same task is being done from another place; most likely a job defined in your crontab.

Use crontab -l to list cron jobs for your user account and crontab -e to edit them.

Make sure to check your own crontab, root's crontab (via sudo), and the system-wide /etc/crontab file (no special command for that one).

Share:
8,221

Related videos on Youtube

moritzjacobs
Author by

moritzjacobs

Updated on September 18, 2022

Comments

  • moritzjacobs
    moritzjacobs over 1 year

    I installed certbot for nginx and the autorenew script set itself up automatically, but this is the email I receive, whenever it runs:

    /home/foobar/certbot-renew.sh: 1: /home/foobar/certbot-renew.sh: /usr/bin/certbot: not found

    What confuses me is, there's no certbot-renew.sh in my home dir...?

    Further information from systemctl:

    # /lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target

    and

    # /lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

    I'm new to using systemd, help is appreciated!

    Edit:

    As @grawity suggested, I checked my crontabs instead and found this:

    foo@bar:~$ cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

    Also this:

    foo@bar:~$ cat /etc/cron.d/certbot
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

    To clarify:

    foo@bar:~$ which certbot
/usr/bin/certbot

foo@bar:~$ certbot --version
certbot 0.26.1
  • moritzjacobs
    moritzjacobs over 5 years
    You're right, I didn't know that. I still don't know what's wrong, so I edited my question above with some additional info. Thanks for your input!
  • jakethedog
    jakethedog over 4 years
    This happened to me recently, where auto-renew did not run, though the system has been doing so for years. Maybe a package update broke something. Anyway, kicking the timer fixed it.
  • Amit Tandel
    Amit Tandel over 3 years
    Note; I use the Python PIP version of certbot on a few machines. If you ever installed certbot via APT and later remove it, the certbot.timer may still exist, but is in a 'masked' state. Please be aware you will need to create your own renew script in this case regardless of the presence of a systemd timer. Just edit the apt /etc/cron.d/certbot version to your liking (remove the systemd test check).

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Failed at step EXEC spawning: No such file or directory
Ubuntu 16.04 Systemd not possible to use systemctl
start ddclient as daemon with systemd
systemd-logind spams in log
Running a bash script from systemd as if I logged in
Cannot start snmpd correctly
How do I analyze journalctl logs outside of journalctl?
Restarting a service remotely with ssh and sudo errors
What is "systemd" in CentOS 7
Limit total memory usage for multiple instances of systemd service