[LINUX] Let's Encrypt certbot renew automatic update error

After obtaining an SSL certificate from Let's Encrypt, I set up automatic renewal. Here I introduce one solution for when an error occurs and the certificate is not renewed automatically.

Premise

- Debian (GCP)
- An SSL certificate has already been obtained from Let's Encrypt and the site is already served over https.

Target

Since a Let's Encrypt SSL certificate expires after 3 months, the renew command is run periodically from crontab to renew the certificate automatically.

Settings before change (execution schedule part omitted)

crontab


certbot renew --post-hook "/etc/init.d/apache2 restart"

Update error

It says the certificate can't be renewed because the port is in use. I had to stop the running web server (the service the SSL certificate is renewed for) and then execute the renew command.

WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/SITE_URI.conf produced an unexpected error: At least one of the required ports is already taken.. Skipping.

Settings after change (execution schedule part omitted)

crontab


certbot renew --pre-hook "/etc/init.d/apache2 stop" --post-hook "/etc/init.d/apache2 start"

The --pre-hook option was added to the old command.

Supplement

- "/etc/init.d/apache2 restart", "/etc/init.d/apache2 start", and "/etc/init.d/apache2 stop" are the commands to restart, start, and stop the web server. Substitute the commands that match your environment.

- If you add the job to the root user's crontab, the command is executed with root privileges. When adding it to another user's crontab, you need to put sudo before the command, like "sudo /etc/init.d/apache2 restart".

- Depending on the environment, replace certbot renew with certbot-auto. The certbot directory may also need to be specified, for example /home/user_name/certbot renew.
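
The following is an added example, not part of the original post: a POSIX shell filter that reads certbot renew output in the format of the warning shown above and reports which renewal configurations were skipped, marking the port-conflict case, so a cron job can alert instead of letting the certificate expire silently. The function names, the PORT_IN_USE/OTHER labels and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): scan certbot renew output for
# skipped renewals and flag the port-conflict error described in this post.

# Print "<reason> <renewal conf path>" for every failed renewal read on stdin.
# reason is PORT_IN_USE for the error in this post, OTHER for anything else.
classify_renew_failures() {
    awk '
    /Attempting to renew cert from .* produced an unexpected error:/ {
        conf = $0
        sub(/.*Attempting to renew cert from /, "", conf)
        sub(/ produced an unexpected error:.*/, "", conf)
        reason = "OTHER"
        if ($0 ~ /required ports is already taken/) reason = "PORT_IN_USE"
        print reason, conf
    }'
}

# Exit status 0 when no renewal failed, 1 otherwise, so cron can alert on it.
# The failures are written to stderr.
renew_log_ok() {
    failures=$(classify_renew_failures)
    if [ -z "$failures" ]; then
        return 0
    fi
    printf '%s\n' "$failures" >&2
    return 1
}

# Constructed sample log: the first line is modelled on the warning in this
# post; the other two lines are made up for illustration.
SAMPLE_LOG='WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/SITE_URI.conf produced an unexpected error: At least one of the required ports is already taken.. Skipping.
INFO:certbot.renewal:Cert not yet due for renewal
WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/OTHER_SITE.conf produced an unexpected error: constructed failure text. Skipping.'

sample_failures() {
    printf '%s\n' "$SAMPLE_LOG" | classify_renew_failures
}

# Show the classification for the constructed sample.
sample_failures
```

In a cron job, pipe the captured renew output into renew_log_ok and send a notification when it returns non-zero.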
