I have been using Lets Encrypt for my site certificates now for a long time and I have always had to ssh into the server and run the command to renew.
I was looking for a way to do this on a schedule so that I didn’t have to manually perform this process. I have seen several posts on the forum here about “wanting” to do this, but none that ever seemed to get it to work.
So, I tried doing it under crontab and that is where everything seems to go wrong.
It turns out that scripts running under crontab cannot execute commands that start with “sudo” because it would be allowing an automated script to take root root privileges without being monitored. I have actually run into this before when trying to automate some other system functions.
The only way I was able to get anything to run as root from crontab was to actually login as root and create the crontab entry so that the user level permissions are in fact root.
We have a similar problem with ERPNext and Lets Encrypt. In order to get the bench command “sudo bench renew-lets-encrypt” command to run, you also have to be able to stop nginx. This is where the problem exists.
Stopping and restarting nginx is a system level command requiring the sudo prefix.
Now, I have been told that root user should NEVER execute commands in bench, so I am not sure now how to get past this issue.
Has anyone else successfully automated the renewal process? If so how?
I have continued using the manual method up to this point because the bench command for renewal uses python 2.7
I wanted to wait until the ERPNext dev’s finally get to the point of standardizing the system on python3. That did not happen “officially” until they closed the following github issue earlier today!!
Soooo… Now I will wait another few weeks when my certificates come due again and try the new again.