Lets-encrypt renew - correct command for NC snap?

I see some older posts about this issue, but my question is:

For a Nextcloud snap install, is this the right command to renew the https certificate?

sudo nextcloud.enable-https lets-encrypt renew

Or should I leave out ‘renew’ at the end?

When I type sudo nextcloud.enable-https -h I see it says the original lets-encrypt command should automatically keep the certificate up-to-date, but I recently got a renewal warning via email.

When typing the command with ‘renew’ at the end, I do get the message:

Attempting to obtain certificates… done
find: Failed to restore initial working directory: /home/username: Permission denied
Restarting apache… done

I don’t know if the error message in the middle is a problem, but my Nextcloud seems unaffected.

The snap should be renewing them automatically, so you shouldn’t need to do this. Are you seeing issues with that process?

Yes, I got an email this week from expiry@letsencrypt.org starting with:

Your certificate (or certificates) for the names listed below will expire in 19days. Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

I didn’t want to risk it not renewing, so I entered the command

sudo nextcloud.enable-https lets-encrypt renew

I don’t mind renewing manually, but wonder why it’s not working automatically. Ports 80 and 443 are open.

Let’s take a gander at your logs. Can I see the output of sudo snap logs -n 100 nextcloud.renew-certs, please?

2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: Processing
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: /var/snap/nextcloud/current/certs/certbot/config/renewal/timocloud.be.conf
2022-10-02T04:56:21+02:00 nextcloud.renew-certs[4116895]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: Cert not yet due for renewal
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: The following certs are not due for renewal yet:
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: /var/snap/nextcloud/current/certs/certbot/config/live/timocloud.be/fullchain.pem expires on 2022-12-26 (skipped)
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: No renewals were attempted.
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: No hooks were run.
2022-10-02T04:56:22+02:00 nextcloud.renew-certs[4116895]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: Processing
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: /var/snap/nextcloud/current/certs/certbot/config/renewal/timocloud.be.conf
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: Cert not yet due for renewal
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: The following certs are not due for renewal yet:
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: /var/snap/nextcloud/current/certs/certbot/config/live/timocloud.be/fullchain.pem expires on 2022-12-26 (skipped)
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: No renewals were attempted.
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: No hooks were run.
2022-10-03T04:56:25+02:00 nextcloud.renew-certs[52729]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: Processing
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: /var/snap/nextcloud/current/certs/certbot/config/renewal/timocloud.be.conf
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: Cert not yet due for renewal
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: The following certs are not due for renewal yet:
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: /var/snap/nextcloud/current/certs/certbot/config/live/timocloud.be/fullchain.pem expires on 2022-12-26 (skipped)
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: No renewals were attempted.
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: No hooks were run.
2022-10-04T04:56:28+02:00 nextcloud.renew-certs[187442]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: Saving debug log to /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: Processing
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: /var/snap/nextcloud/current/certs/certbot/config/renewal/timocloud.be.conf
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: Cert not yet due for renewal
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: The following certs are not due for renewal yet:
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: /var/snap/nextcloud/current/certs/certbot/config/live/timocloud.be/fullchain.pem expires on 2022-12-26 (skipped)
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: No renewals were attempted.
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: No hooks were run.
2022-10-05T04:56:32+02:00 nextcloud.renew-certs[315860]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

That sounds healthy to me. I think you’re in good shape. I’m not sure what the email from LE is about.

Thanks, but isn’t that because I ran the renew command today?

No-- there is no renew command. You can see the cert is fine all the way back to a few days ago:

Ah, ok, thanks. So I guess the command “sudo nextcloud.enable-https lets-encrypt renew” either doesn’t do anything, or doesn’t do anything if a certificate is not in need of renewal.

I really appreciate the support and teaching here.

I’m pretty sure the “renew” part of the command you ran was just completely ignored, is all. There is no renew command available, since the snap is made to just take care of that for you.

Hi,

Is your certificate automatically renewed?