If you’re facing the issue of your Let’s Encrypt certificates not renewing automatically, here’s what you can do.
(Tested on Google Cloud Compute instance running Ubuntu 16.04 LTS)
Ensure you’re not using TLS-SNI-01 challenges for renewal. These are now disabled for most new certificate issuances.
You can check this by viewing the contents of /etc/letsencrypt/renewal/<your domain here>.conf
If it mentions the following, you’re using TLS-SNI-01 challenges:
standalone_supported_challenges = "tls-sni-01"
To fix this and use the newer Nginx plugin instead, run the following command and follow the prompts to force-update to a newer certificate for all your relevant domains:
sudo /opt/certbot-auto --nginx
(Note: If you’re using a different executable than certbot-auto, use that instead)
You can use the following command to verify that this works:
sudo /opt/certbot-auto renew --dry-run
Additionally, you can verify that the relevant .conf files have been updated to use nginx as authenticator.
The following cron job works for me on Ubuntu 16.04 (Use sudo crontab -e to set this):
@monthly /opt/certbot-auto renew && systemctl restart nginx # Renew lets-encrypt every month
It is essential to set path in crontab, because the nginx executable needs to be discovered by certbot for functioning.
(Optional) Ensure that your server uses appropriate timezone, so that cron job doesn’t end up running at a crucial time:
Hope this helps.
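The renewal-file check described in the post above, as an added example that is not part of the original post: a small shell audit that reads every renewal .conf and flags those still set to TLS-SNI-01. The function names and the sample domains are assumptions made up for this example; the two keys it reads are `standalone_supported_challenges` (quoted in the post) and `authenticator`.

```shell
#!/bin/sh
# Audit certbot renewal configs for the disabled TLS-SNI-01 challenge.

# Print KEY's value from an ini-style renewal file, without quotes or padding.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tr -d "\"'" | sed 's/[[:space:]]*$//' | head -n 1
}

# Classify one file: "tls-sni-01", "ok:<authenticator>" or "unknown".
classify_conf() {
    challenges=$(conf_value standalone_supported_challenges "$1")
    authenticator=$(conf_value authenticator "$1")
    case ",$challenges," in
        *,tls-sni-01,*) echo "tls-sni-01" ;;
        *) if [ -n "$authenticator" ]; then echo "ok:$authenticator"; else echo "unknown"; fi ;;
    esac
}

# Report every *.conf in DIR; return 1 if any still relies on TLS-SNI-01.
audit_renewal_dir() {
    dir=${1:-/etc/letsencrypt/renewal}
    rc=0
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || continue
        result=$(classify_conf "$conf")
        printf '%s\t%s\n' "$(basename "$conf" .conf)" "$result"
        if [ "$result" = "tls-sni-01" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample files (domains and values are made up) for a dry run.
write_samples() {
    printf '%s\n' '[renewalparams]' 'authenticator = standalone' \
        'standalone_supported_challenges = "tls-sni-01"' > "$1/old.example.com.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = nginx' \
        'installer = nginx' > "$1/new.example.com.conf"
}
```

Calling `audit_renewal_dir` with no argument checks /etc/letsencrypt/renewal; a non-zero exit status means at least one certificate still needs to be reissued with a different authenticator.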
Many thanks for posting this
Thanks. I will test it out. It will save us the headache of renewal every three months.
To add to this post, there’s a way mentioned in the below link in the last section of the wiki article.
FYI, the above command is required for auto-renewal irrespective of the TLS-SNI-01 challenge issue mentioned above.
I'm getting an error when trying to renew SSL. Any idea where things went wrong?
Running setup.py install for zope.component: started
Running setup.py install for zope.component: finished with status 'done'
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/cli/base_command.py", line 176, in main
    status = self.run(options, args)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/commands/install.py", line 393, in run
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/__init__.py", line 57, in install_given_reqs
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/req_install.py", line 919, in install
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/req_install.py", line 445, in move_wheel_files
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py", line 583, in move_wheel_files
    outrows = get_csv_rows_for_installed(reader)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py", line 565, in get_csv_rows_for_installed
    for fpath, digest, length in old_csv_rows:
ValueError: too many values to unpack
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
Any assistance is highly appreciated.
just got the same error a moment ago
Looks like the bug has been fixed, re-ran ‘sudo bench renew-lets-encrypt’ and all is updated with no errors.