Cron – Different behaviour when running letsencrypt’s certbot as a cron job

cron lets-encrypt ubuntu-14.04

I have installed letsencrypt on Ubuntu 14.03 following this guide:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

I also created a cron job for certificate renewal as described in the guide, but then found the following problem:

  • certbot-auto renew (as a non-root user) and sudo certbot-auto renew both work when tested from the command line (certbot reports that the certificates are not due for renewal yet, as expected)
  • However, when the same command is run by cron (as root), certbot tries to upgrade itself.

Any idea why I am getting this different behaviour? What is the difference between running the command manually on a shell console and having it run by cron?

Update: I added --no-self-upgrade but it didn't make any difference. On further investigation I noticed the following:

  • sudo certbot-auto renew --dry-run works fine
  • sudo su; certbot-auto renew --dry-run tries to upgrade certbot first

For some reason, certbot seems to think it is not properly installed when running in the second form.

Best Answer

This issue occurs because of the way certbot was installed.

When not using a packaged distribution installation of certbot, it can't ensure that all dependencies are met, so to make sure it can run properly it creates a virtual environment in your $HOME. When running with sudo, this is still your own $HOME. However, when running as root, this turns to /root, where the virtual environment is not present, and thus certbot cannot run without creating it. It's not upgrading itself so much as installing itself, considering the new environment it is run from.
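A way to check the HOME mismatch described in the answer, as an added example that is not part of the original post or of certbot itself. It assumes the virtual environment lives at `${XDG_DATA_HOME:-$HOME/.local/share}/letsencrypt`; the function names and the `VENV_NAME` override are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the installer keeps its virtualenv at
# ${XDG_DATA_HOME:-$HOME/.local/share}/letsencrypt (override with VENV_NAME).
VENV_NAME=${VENV_NAME:-letsencrypt}

# venv_path HOME_DIR [XDG_DATA_HOME] -> path that would be used for that HOME
venv_path() {
    printf '%s\n' "${2:-$1/.local/share}/$VENV_NAME"
}

# venv_state HOME_DIR [XDG_DATA_HOME] -> "present" or "missing"
venv_state() {
    if [ -d "$(venv_path "$@")/bin" ]; then echo present; else echo missing; fi
}

# compare_contexts INTERACTIVE_HOME CRON_HOME -> one-line verdict
compare_contexts() {
    a=$(venv_state "$1"); b=$(venv_state "$2")
    if [ "$1" = "$2" ]; then
        echo "same HOME: no difference expected"
    elif [ "$a" = present ] && [ "$b" = missing ]; then
        echo "mismatch: venv only under $1; a run with HOME=$2 will bootstrap again"
    elif [ "$a" = "$b" ]; then
        echo "consistent: venv $a under both"
    else
        echo "mismatch: venv only under $2"
    fi
}

# cron sets HOME for root's jobs from root's passwd entry.
cron_home=$(getent passwd root 2>/dev/null | cut -d: -f6)
cron_home=${cron_home:-/root}

# Run through sudo (HOME preserved, as the answer describes) so both
# directories are readable, then compare against the HOME cron would use.
echo "interactive HOME=${HOME:-/}  cron HOME=$cron_home"
compare_contexts "${HOME:-/}" "$cron_home"
```

A "mismatch" verdict means the cron job and the interactive command resolve different virtual environments, which is the behaviour reported in the question.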
