Failing Let’s Encrypt SSL certificate renewal cronjob

2 min.

Your Let’s Encrypt SSL certificate was not renewed and the website is displaying a big angry error about that. You check cronjob — maybe you forgot to set it up? Nope, there it is:

> crontab -e
11 11 15 * * letsencrypt renew --force-renew

You try to run it by hand and everything seems fine. The day is saved, but we still have to figure out why the cronjob failed in the first place. We’re gonna need some logs.

You are not sure if you have crontab logs lying somewhere around, so you just redirect the output to a separate file:

* * * * * letsencrypt renew — force-renew > /var/log/letsencrypt-renew-crontab.log 2>&1

Now wait a minute or so and check the file:

cat /var/log/letsencrypt-renew-crontab.log

You get something like this:

The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()"

Bingo! Long story short, this has to do with PATH value that the crontab has — it’s not the same as you have in the console. Easy fix would be to set it right in the cronjob:

> echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
> crontab -e
# let’s encrypt renewals run every 15th of the month
11 11 15 * * PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin && letsencrypt renew — force-renew > /var/log/letsencrypt-renew-crontab.log 2>&1

We echo the correct $PATH value from the console and then edit the cronjob to explicitly set it before running the renewal.

That should do it.

Do you have comments? Tweet X it at me.

Keep up with me

Consider subscribing. There's also an RSS feed if you're into that.

Wanna reach out? Tweet at me or drop me a line: golb [tod] sadat [ta] olleh.

Est. 2011