Letsencrypt auto-renew cronjob failing

Question

I'm running a script provided by rehmatworks to install a LetsEncrypt certificate, which (in addition to the initial install) sets up a monthly cronjob to auto renew. Everything installs fine, however, the cron job is failing, and I can't seem to figure out why.

Here is the cron job (from root 'crontab -e'):

@monthly "sudo service nginx-sp stop && yes | letsencrypt --standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload"

Which fails with a not found error:

/bin/sh: 1: sudo service nginx-sp stop && yes | letsencrypt --standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload: not found

Running directly from the command line work fine, however:

sudo service nginx-sp stop && yes | letsencrypt --standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload

Any ideas why this works from command line, but not via cron?

Manel Reis · Answer 1 · 2018-05-07T20:32:53.000

1

Try to specify the entire path to the binaries that you're using. I guess they aren't found since the $HOME variable or $PATH should be different to the root and user.

If what I said is the problem, the source of it must be the location of letsencrypt binary, probably not found by root

edited May 07 '18 at 20:32

answered May 07 '18 at 20:25

Manel Reis

11

WiKrIe · Answer 2 · 2018-05-14T11:15:53.233

This is already reported as issue to script provider:

https://github.com/rehmatworks/serverpilot-letsencrypt/issues/8

So you should wait for an answer there. It is not easy to give you a quality answer if we do not know the total background of the system, looks like some special environment.

Update: Issue is solved now by Scriptowner on Github, please checkout the Github. rehmatworks commented 12 hours ago

Solution: Please reclone the script and you will be able to do much more with great ease.

sorry
chris

Douglas McDonald · Accepted Answer · 2018-05-16T18:14:48.487

Update: rehmatworks has since updated the original script to address this issue.

Thanks to @steeldriver comments above, I've learned that the main problem is:

The crontab should be run using 'bash' (not the default 'sh'), because:
- &>/dev/null is bash syntax ('sh' would be >/dev/null 2>&1).
- sh does not recognize commands in quotation marks (produces 'not found' error).
The crontab should define the default PATH variables.
If the crontab is run under root, then don't need to use 'sudo' (although probably doesn't hurt).

To edit the root crontask, use sudo crontab -e -u root. Final looks like this:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin

@monthly service nginx-sp stop && yes | letsencrypt --standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload
#

So far, seems like it works (but please confirm by reviewing logs).

Note: Not tested, but in terms of fixing the original install script, without having to define the shell environment separately, it's possible you could wrap the cron command in a bash subshell to make sure it gets run in bash (per askubuntu SE answer):

bash -c "bashcommand"

Letsencrypt auto-renew cronjob failing

3 Answers3