letsencrypt cron job auto-renew is not working (Ubuntu/Nginx droplet)?

Question

Hi!

I followed this DO guide to configure LetsEncrypt for my server: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04

The guide worked great, however the auto-renew cron job does not seem to fire on my server. I keep having to go in and manually run the update command to get my certs renewed.

I followed the guide carefully and placed the following in my crontab ( sudo crontab -e )

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /etc/init.d/nginx reload

here is a dump from the le-renew.log file… I’m not a backend guy so I may have missed something but I did not notice anything fishy. https://gist.github.com/tconroy/81187d31badd09cc0e2b468997cf1549

wonder if there’s any extra configuration I need to do to get auto-renew working?

Thank you!

mcinteemasud · Answer

This is late, but for anyone else having the problem. I had to make the cron job stop nginx, renew the certificate, then start nginx to work. Otherwise the server is using the port that lets encrypt needs. Here is what I did 15 3 * * * /usr/bin/certbot renew --quiet --pre-hook “/bin/systemctl stop nginx” --post-hook “/bin/systemctl start nginx”

Here is the documentation: https://certbot.eff.org/docs/using.html#renewal

Ryan Quinn · Answer

This question was answered by @sierracircle:

same here. Someone had a thread about this, so the issue seems to be more than just a few standalone isntances.

I just switched to using Acme: https://github.com/hlandau/acme

Once I figured out how to set it up, it is amazingly simple and works fine. but I will not know if cron is working or not until my certs are due.

View the original comment

Related

Question

letsencrypt cron job auto-renew is not working (Ubuntu/Nginx droplet)?

Related