drdeath

Reputation: 133

make certbot wait for another instance

What I'm trying to do here is the following: I've got a systemd service controlled by a timer that handles renewals of Let's Encrypt certificates. What these certificates are supposed to look like is laid down in config files.

[Unit]
Description=Let's Encrypt renewal

[Service]
Type=oneshot
Environment=CONFIG_FILE=/etc/letsencrypt/test.conf
ExecStart=-/usr/bin/certbot renew --quiet --agree-tos --noninteractive --no-random-sleep-on-renew

The renewal runs some post-processing scripts that make sure the certificates are deployed and installed.

If the config were to change between cert generation and the last renewal, those scripts would not find the certs under the expected name. The scripts then automatically trigger another script making sure the certificates are created:

if [[ ! -d /etc/letsencrypt/live/${CERT_NAME} ]]
then
  # The certificate folder we expect isn't there; request a new cert
  . /etc/letsencrypt/renewal-hooks/request-new-cert.sh
fi

The problem I'm having is that during the execution of request-new-cert.sh I get the error "Another Instance of Certbot is already running", which makes the script fail.

Am I going about this wrong? Is there a better way to try to achieve what I'm trying to do?

Upvotes: 5

Views: 12046

Answers (2)

Himanshu Saini

Reputation: 812

If you are not able to kill the process, try:

  sudo kill -9 [PID]

Upvotes: 2

Bhavin Nakrani

Reputation: 532

Solution 1:

You need to kill the other certbot process. You can do that by rebooting the box or by killing the specific process. To find the certbot process, try:

ps -ef | grep certb

The process ID would be the first number after the user, like:

root 5555 5100 …

To kill the process, try:

kill 5555

Note: replace 5555 with your actual certbot PID.

Solution 2:

If it is not running, check whether there are .certbot.lock files in your system.

find / -type f -name ".certbot.lock"

If there are, you can remove them:

find / -type f -name ".certbot.lock" -exec rm {} \;

And try again.

Upvotes: 15
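
One way to avoid the lock conflict in the question without killing certbot or deleting its lock files, as an added example that is not from the question or either answer: the renewal hook only records the missing certificate name, and the request runs after `certbot renew` has exited. `QUEUE_FILE`, `LIVE_DIR`, both function names, and passing `CERT_NAME` to request-new-cert.sh through the environment are assumptions.

```bash
#!/usr/bin/env bash
# Added example: defer new-certificate requests until `certbot renew` is done.
# QUEUE_FILE, LIVE_DIR and the function names are assumptions for this sketch.
QUEUE_FILE="${QUEUE_FILE:-/run/certbot-pending-certs}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# Call from the renewal hook instead of sourcing request-new-cert.sh.
# It never starts certbot, so it cannot collide with the running instance.
queue_if_missing() {
  name="$1"
  # Reject empty names, dot-names and anything that could leave LIVE_DIR.
  case "$name" in
    ''|.*|*[!A-Za-z0-9._-]*) return 2 ;;
  esac
  [ -d "$LIVE_DIR/$name" ] && return 0
  ( umask 077                      # the queue is only for root to read/write
    touch "$QUEUE_FILE"
    grep -qxF -- "$name" "$QUEUE_FILE" ||
      printf '%s\n' "$name" >> "$QUEUE_FILE" )   # queue each name once
}

# Call after `certbot renew` has exited. Runs the given command once per
# queued name with CERT_NAME set; failed names stay queued for the next run.
drain_queue() {
  failed=0
  [ -s "$QUEUE_FILE" ] || return 0
  remaining="$(mktemp "${QUEUE_FILE}.XXXXXX")" || return 1
  while IFS= read -r name; do
    # stdin is redirected so the command cannot consume the queue itself
    if ! CERT_NAME="$name" "$@" </dev/null; then
      printf '%s\n' "$name" >> "$remaining"
      failed=1
    fi
  done < "$QUEUE_FILE"
  mv -f -- "$remaining" "$QUEUE_FILE"
  return "$failed"
}
```

A wrapper that sources these functions and runs `drain_queue /etc/letsencrypt/renewal-hooks/request-new-cert.sh` can be added as a second `ExecStart=` line, which `Type=oneshot` permits, so the request starts only after the renew process has released its lock.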
