On my personal servers I am using Let's Encrypt certs on Debian and/or Ubuntu. Several times now I couldn’t renew them automatically, for a variety of reasons, but there is one in particular I want to remember for future reference:
The nginx plugin is not working; there may be problems with your existing configuration.
When I run with ‘-vvv’:
Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()
I wrote a script:
#!/bin/bash
# Renew the certificates (this also updates nginx in 'auto' mode)
/root/letsencrypt/letsencrypt-auto renew
# Copy the certificate chain and private key for cyrus and postfix
cp /etc/letsencrypt/live/ssl.sepio.pl/fullchain.pem /etc/ssl/mail-cyrus
cp /etc/letsencrypt/live/ssl.sepio.pl/privkey.pem /etc/ssl/mail-cyrus
cp /etc/letsencrypt/live/ssl.sepio.pl/fullchain.pem /etc/ssl/mail-postfix
cp /etc/letsencrypt/live/ssl.sepio.pl/privkey.pem /etc/ssl/mail-postfix
# Restart the mail services so they load the copied files
/etc/init.d/postfix restart
/etc/init.d/cyrus-imapd restart
It’s doing a little magic because it’s updating nginx (in the ‘auto’ mode), but also copying these keys for cyrus and postfix at the same time. (You might also want to add an ‘if’ to the first line so that the remainder only executes if the first command is successful.)
This is how I was calling it in cron:
50 21 3 * * (/bin/date ; /root/scripts/renew-cert.sh) >> /var/log/cert-refresh.log 2>> /var/log/cert-refresh.log
Now, the problem is that under cron the script doesn’t have the same environment variables as we have in the interactive shell, and it cannot find paths for plugins. I changed cron to be like this:
50 21 3 * * /bin/bash -l -c "/bin/date ; /root/scripts/renew-cert.sh" >> /var/log/cert-refresh.log 2>> /var/log/cert-refresh.log
And voila, it works. ‘-l’ indicates that you want to run the command in a login shell, therefore loading .bash_profile and simulating the user environment. (You could also source .bash_profile in your script.)
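A hardened variant of the renew script, added here as an example and not the author's own code: it sets PATH itself instead of depending on a login shell, deploys and restarts only if the renewal command succeeds, and installs the private key with mode 0600 rather than whatever cp and the umask produce. The PATH value, the "cyrus" account name and the "run" argument are assumptions; the file paths are the ones from the post.

```shell
#!/bin/sh
# Added example, not the original script.
# Cron starts jobs with a minimal PATH (no sbin directories), so set it here.
# Assumption: nginx and the other tools live in one of these standard directories.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH

LIVE=/etc/letsencrypt/live/ssl.sepio.pl    # from the post
RENEW=/root/letsencrypt/letsencrypt-auto   # from the post

# deploy_cert SRC_DIR DEST_DIR [KEY_OWNER]
# Copies one chain/key pair. Refuses empty or missing files so a failed
# renewal cannot replace a working key with a broken one.
deploy_cert() {
    src=$1
    dest=$2
    [ -s "$src/fullchain.pem" ] && [ -s "$src/privkey.pem" ] || return 1
    mkdir -p "$dest" || return 1
    install -m 0644 "$src/fullchain.pem" "$dest/fullchain.pem" || return 1
    install -m 0600 "$src/privkey.pem" "$dest/privkey.pem" || return 1
    # Optionally hand the key to the daemon account that has to read it.
    if [ -n "${3:-}" ]; then
        chown "$3" "$dest/privkey.pem" || return 1
    fi
}

# renew_and_deploy CMD [ARGS...]
# Runs the renewal command; copies keys and restarts services only on success.
renew_and_deploy() {
    "$@" || { echo "renewal failed, deployed certs left untouched" >&2; return 1; }
    deploy_cert "$LIVE" /etc/ssl/mail-postfix || return 1
    # Assumption: cyrus-imapd reads its key as user "cyrus".
    deploy_cert "$LIVE" /etc/ssl/mail-cyrus cyrus || return 1
    /etc/init.d/postfix restart && /etc/init.d/cyrus-imapd restart
}

# Act only when called as "renew-cert.sh run" (hypothetical argument).
case "${1:-}" in
    run) renew_and_deploy "$RENEW" renew ;;
esac
```

With PATH set inside the script, the cron entry no longer needs ‘/bin/bash -l -c’, and the job does not inherit whatever else root's .bash_profile happens to set.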