certbot-2.7: Command not found

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
I've been having a problem getting certbot to run from a script to handle renewals that I've been using for a couple years that has ran without issue in the past. Seems something broke in the latest package version of py27-certbot so I uninstalled it and installed py37-certbot. When I run the command in the script from the terminal it runs fine without error. When trying to run the exact same command from my script via a cron task set in the GUI it's seems to still be trying to run py27-certbot which isn't installed and of course returns an error. This is run from a jail I have set up to handle my nginx reverse proxy. Nginx, openssl111 and certbot (and it's dependencies) are all that's installed in this jail.

The error:
Code:
/usr/local/bin/certbot-2.7: Command not found.
Command: csh /renew.sh failed! 


The script:
Code:
#!/bin/sh
/usr/local/bin/certbot renew --post-hook "service nginx restart" --quiet


The only thing I've been able to find online remotely similar is this thread on the FreeBSD forums but trying the things listed there didn't help.

I don't know what to do to fix this. The simlink seems fine so I don't know what is triggering certbot to try to use the older version. How do I go about debugging this? The letsencrypt error log isn't much help.
 
Last edited:

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,465
It doesn't really answer your question, but I really don't like using certbot if I can help it--it's a tangled mess of dependencies that's far more complicated than it needs to be. Unless I'm using acme-dns for validation (because the available hook script for certbot works much more conveniently than acme.sh), I really prefer acme.sh.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
I know you're an acme fan and I may have to become one if I can't get this figured out. What I like about the way I'm doing it now is if there's an error it gets sent to my email. Every time a certificate gets renewed and nginx is restarted with the post hook command it triggers an error and I get an email and I know my certs are continuing to get renewed.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,465
Every time a certificate gets renewed and nginx is restarted with the post hook command it triggers an error and I get an email and I know my certs are continuing to get renewed.
I'm not sure why the outcome would be any different using a different client--certbot itself doesn't send any emails. Anyway, I know it's not a direct answer to your question, but I don't see any obvious reason for the behavior you're describing.

But if I really wanted you to come to the dark side, I'd be talking about Caddy, which handles all the certs for you...
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Did you think your issue had something to do with this thread? Because I don't see how it does.

(and if you don't want your domain known, you probably don't want your public IP address showing either).
??
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,465
Sorry, the post I was replying to was deleted, making mine make not much sense. The only connection to yours was that it also involved certbot.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Tried uninstalling and changing back to the quarterly repo. Reinstalled with version 1.5.0 and now I'm getting a new error emailed to me.

Code:
__requires__: Command not found.
import: Command not found.
import: Command not found.
from: can't read /var/mail/pkg_resources
if: Empty if.
Command: csh /usr/local/bin/certbot renew --post-hook service nginx restart failed! 


Got tired of trying to fix this so I decided to spin up a new jail and start fresh. Same error as above when running from a cron task but renew command works fine from the terminal. When I run the script from the terminal I get the same old error above:

Code:
/renew.sh: /usr/local/bin/certbot-2.7: not found


I have no idea why it's trying to run certbot-2.7 as it's not installed in the jail. Now I'm completely lost.......
 
Joined
Jul 10, 2016
Messages
521
Did you see this: https://github.com/certbot/certbot/issues/5226 Looks like the same error.

When I run the command in the script from the terminal it runs fine without error. When trying to run the exact same command from my script via a cron task set in the GUI it (...) returns an error.

Something else is confusing. When you say GUI, I understand that means the FreeNAS host. When you run from the terminal, is that the host or the jail? The original posting doesn't mention if you're adding e.g. jexec or ssh to execute the script in the jail versus the host.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Ok just a follow up here in case anyone is watching this. Something obviously changed when certbot was updated to use python 3.7. Installing py37-certbot creates a symlink with the following contents:

Code:
#!/usr/local/bin/python3.7
# EASY-INSTALL-ENTRY-SCRIPT: 'certbot==1.7.0','console_scripts','certbot'
__requires__ = 'certbot==1.7.0'
import re
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])
    sys.exit(
        load_entry_point('certbot==1.7.0', 'console_scripts', 'certbot')()
    )


Obvious;y that's some sort of python script but since I know nothing about python I have no clue what it does. Installing the py27-certbot package does not create this symlink. So just as an experiment I backed up the symlink and deleted it and changed my script to call certbot-3.7 directly and now it works. I don't know if deleting the symlink will have any negative effects on anything else but for now it fixes my issue. And for the record I followed all the official instructions on certbot's web page to set up periodic renewals as well as setting up a cron task within the jail and none of them would work.
 
Top