Let's Encrypt not renewing automatically? Try this

Install / Update Setup
1

Hello,

If you’re facing the issue of your Let’s Encrypt certificates not renewing automatically, here’s what you can do.

(Tested on Google Cloud Compute instance running Ubuntu 16.04 LTS)

  1. Ensure you’re not using TLS-SNI-01 challenges for renewal. These are now disabled for most new certificate issuances.

    You can check this by viewing the contents of /etc/letsencrypt/renewal/<your domain here>.conf

    If it mentions the following, you’re using TLS-SNI-01 challenges:

     standalone_supported_challenges = "tls-sni-01"

    To fix this and use the newer Nginx plugin instead, run the following command and follow the prompts to force-update to a newer certificate for all your relevant domains:

     sudo /opt/certbot-auto --nginx

    (Note: If you’re using a different executable than certbot-auto, use that instead)

    You can use the following command to verify that this works:

      sudo /opt/certbot-auto renew --dry-run

    Additionally, you can verify that the relevant .conf files have been updated to use nginx as authenticator.

  2. The following cron job works for me on Ubuntu 16.04 (Use sudo crontab -e to set this):

     PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 @monthly /opt/certbot-auto renew && systemctl restart nginx # Renew lets-encrypt every month

    It is essential to set path in crontab, because the nginx executable needs to be discovered by certbot for functioning.

  3. (Optional) Ensure that your server uses appropriate timezone, so that cron job doesn’t end up running at a crucial time:
    4 Ways to Change the Timezone in Linux - wikiHow

Hope this helps.

11 Likes
2

Many thanks for posting this :grinning:

1 Like
3

Thanks. I will test it out. It will save us the headache of every three three months renewal

1 Like
4

To add to this post, there’s a way mentioned in the below link in the last section of the wiki article.

https://github.com/frappe/erpnext/wiki/Setting-up-TLS-SSL-certificates-Let’s-Encrypt-for-ERPNext-sites

1 Like
5

This is the latest link Home · frappe/bench Wiki · GitHub

6

FYI, above command is required for auto renewal irrespective of TLS-SNI-01 challenge issued mentioned above

7

Hi,

im getting an error when trying to renew ssl, any idea where things went wrong

Running setup.py install for zope.component: started
Running setup.py install for zope.component: finished with status ‘done’
Exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/cli/base_command.py”, line 176, in main
status = self.run(options, args)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/commands/install.py”, line 393, in run
use_user_site=options.use_user_site,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/init.py”, line 57, in install_given_reqs
**kwargs
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/req_install.py”, line 919, in install
use_user_site=use_user_site, pycompile=pycompile,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/req_install.py”, line 445, in move_wheel_files
warn_script_location=warn_script_location,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py”, line 583, in move_wheel_files
outrows = get_csv_rows_for_installed(reader)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py”, line 565, in get_csv_rows_for_installed
for fpath, digest, length in old_csv_rows:
ValueError: too many values to unpack

Certbot has problem setting up the virtual environment.

We were not be able to guess the right solution from your pip
output.

Consult Get Certbot — Certbot 2.1.1 documentation
for possible solutions.
You may also find some support resources at 404 Not Found | Certbot .

Any assistance is highly appreciated.

kinds regards
Hemant

1 Like
8

Apparently letsencrypt is working on the problem, to find out more check for eg here Certbot-auto failed to complete - Had a problem while installing Python packages - #9 by peixotorms - Help - Let's Encrypt Community Support

1 Like
9

just got the same error a moment ago

10

Looks like the bug has been fixed, re-ran ‘sudo bench renew-lets-encrypt’ and all is updated with no errors.

kind regards
Hemant

1 Like