I accessed one of my sites recently to find the SSL is invalid. Rookie error, I thought! I had probably just forgotten to setup a cron for auto renewing the SSL certificate for Let’s Encrypt… So I goto run the command manually,
sudo certbot renew
but it tells me there are no certificates to renew .
How odd, I thought; let me trouble shoot this. I find my certificate has been renewed, but still an invalid warning is appearing ony my site. I look into my root cron:
sudo crontab -l
and find I do have the command set for renewing. I restart nginx manually and the warning on the website is gone. So what’s gone wrong?
43 6 * * * certbot renew --post-hook "systemctl restart nginx"
Solution
Within the post-hook option, it seems like a minimal $PATH is used, so post-hook option isn’t finding the systemctl
command. I update the command to have the full path, and this shouldn’t trouble us again .
43 6 * * * certbot renew --post-hook "/bin/systemctl restart nginx"