I have installed letsencrypt on Ubuntu 14.03 following this guide:
I also created a cron job for certificate renewal as described in the guide, but then found the following problem:
certbot-auto renew
(as a non-root user) andsudo certbot-auto renew
both work when tested from the command line (certbot reports that the certificates are not due for renewal yet, as expected)- However, when the same command is run by cron (as root), certbot tries to upgrade itself.
Any idea why I am getting this different behaviour? What is the difference between running the command manually on a shell console and having it run by cron?
Update: I added --no-self-upgrade
but it didn't make any difference. On further investigation I noticed the following:
sudo certbot-auto renew --dry-run
works finesudo su; certbot-auto renew --dry-run
tries to upgrade certbot first
For some reason, certbot seems to think it is not properly installed when running in the second form.
Best Answer
This issue occurs because of the way
certbot
was installed.When not using a packaged distribution installation of
certbot
, it can't ensure that all dependencies are met so to make sure it can run properly, it creates a virtual environment in your$HOME
. When running withsudo
, this is still your own$HOME
. However, when running as root, this turns to/root
where the virtual environment is not present and thus,certbot
cannot run without creating it. It's not upgrading itself so much as installing itself considering the new environment it is run from.