Question

letsencrypt cron job auto-renew is not working (Ubuntu/Nginx droplet)?

Posted August 17, 2016 9.9k views
NginxUbuntuLet's Encrypt

Hi!

I followed this DO guide to configure LetsEncrypt for my server: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04

The guide worked great, however the auto-renew cron job does not seem to fire on my server. I keep having to go in and manually run the update command to get my certs renewed.

I followed the guide carefully and placed the following in my crontab ( sudo crontab -e )

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /etc/init.d/nginx reload

here is a dump from the le-renew.log file… I’m not a backend guy so I may have missed something but I did not notice anything fishy. https://gist.github.com/tconroy/81187d31badd09cc0e2b468997cf1549

wonder if there’s any extra configuration I need to do to get auto-renew working?

Thank you!

1 comment
  • same here.
    Someone had a thread about this, so the issue seems to be more than just a few standalone isntances.

    I just switched to using Acme:
    https://github.com/hlandau/acme

    Once I figured out how to set it up, it is amazingly simple and works fine.
    but I will not know if cron is working or not until my certs are due.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

This question was answered by @sierracircle:

same here.
Someone had a thread about this, so the issue seems to be more than just a few standalone isntances.

I just switched to using Acme:
https://github.com/hlandau/acme

Once I figured out how to set it up, it is amazingly simple and works fine.
but I will not know if cron is working or not until my certs are due.

View the original comment

This is late, but for anyone else having the problem. I had to make the cron job stop nginx, renew the certificate, then start nginx to work. Otherwise the server is using the port that lets encrypt needs. Here is what I did
15 3 * * * /usr/bin/certbot renew –quiet –pre-hook “/bin/systemctl stop nginx” –post-hook “/bin/systemctl start nginx”

Here is the documentation:
https://certbot.eff.org/docs/using.html#renewal

Submit an Answer