nginx-proxy-manager icon indicating copy to clipboard operation
nginx-proxy-manager copied to clipboard

Published 20 hours ago verified publisher icon NginxProxyManager

Another instance of Certbot is already running

Open cargnellogiacomo opened this issue 3 years ago • 13 comments

Describe the bug

  • I have some SSL certificates generated in NPM via Let's Encrypt that need to be renewed and I receive a message that 'Another instance of Certbot is already running.'
  • Nginx Proxy Manager version: 2.8.0

To Reproduce Steps to reproduce the behavior:

  1. Go to 'SSL Certificates'
  2. Click on 'Renew Now' for a specific certificate
  3. See error: [2/28/2021] [1:56:54 PM] [SSL ] › ℹ info Renewing Let'sEncrypt certificates for Cert #3: xxxxxx.duckdns.org
    [2/28/2021] [1:56:57 PM] [Express ] › ⚠ warning Command failed: /usr/bin/certbot renew --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-3" --preferred-challenges "dns,http" --disable-hook-validation
    Another instance of Certbot is already running.
    [2/28/2021] [2:01:29 PM] [SSL ] › ✖ error Error: Command failed: /usr/bin/certbot renew --non-interactive --quiet --config "/etc/letsencrypt.ini" --preferred-challenges "dns,http" --disable-hook-validation

Expected behavior The certificate is renewed without error.

Operating System

  • NPM latest image (2.8.0) on Docker (QNAP container station)

cargnellogiacomo avatar Feb 28 '21 14:02 cargnellogiacomo

i have the same issue with NPM 2.8.0.

I solved it: it seems to be a parsing error and NPM ist trying to renew the certificate in the background. so i just deleted the Certificate and issued a new one.

mbenkler avatar Mar 05 '21 16:03 mbenkler

I tried the same. I will see if at the time of the renewal I will notice the same issue.

cargnellogiacomo avatar Mar 09 '21 00:03 cargnellogiacomo

I'm experiencing this error on (docker) version 2.8.1 when issuing new letsencrypt cert.

henkisdabro avatar Mar 30 '21 01:03 henkisdabro

I ran into this with v2.8.1 docker image. In my case, I docker exec bash'd the npm app container and killed the existing certbot process. This allowed me to generate a certificate from the CLI and UI. This occurred on an earlier version of NPM from January, and after upgrading it to v2.8.1.

jzcad1828 avatar Mar 31 '21 02:03 jzcad1828

Also running into this issue. I docker exec'd in too and there was one running that seemed to be for renewal. Even if I kill that one, it still fails. I also checked and after killing the renewal one, there were no existing lock files for it.

Any other suggestions to fix?

EDIT: not sure what changed but mine seems to be working okay now

samr28 avatar Apr 02 '21 17:04 samr28

I ran into this with v2.8.1 docker image. In my case, I docker exec bash'd the npm app container and killed the existing certbot process. This allowed me to generate a certificate from the CLI and UI. This occurred on an earlier version of NPM from January, and after upgrading it to v2.8.1.

I cannot test now as NPM does not renew certificates that are not due for renewal. If you restart the container, do you see the same issue and do you need to kill everytime the certbot process?

cargnellogiacomo avatar Apr 03 '21 09:04 cargnellogiacomo

I have the same issue. It occurs when I attempt to create a new SSL cert in the SSL tab. If I attempt to renew a certificate or create a new certificate in the proxy host menu then I just get "Internal Error". I have restarted my container numerous times and have attempted to kill existing certbot processes. What occurs is a new certbot process will immediately start. I will even see multiple certbot processes in the ps menu and see different PIDs if I run multiple 'ps' commands in a row. Perhaps cerbot is continually being started by a background process on a loop due to some error that occurs, and thus there is always a lock when a certbot instance is called from the UI manually. The container logs didn't have any useful information, I'm not sure where to find a general log file.

Error: Command failed: /usr/bin/certbot certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-21" --agree-tos --preferred-challenges "dns,http" --domains xxxxxxxxxxxx Another instance of Certbot is already running.

at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1051:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)

kamegami13 avatar Apr 11 '21 01:04 kamegami13 

docker exec -it container_name  /bin/bash
ps -ef | grep certb
kill <process id from prev. command>

Then new cert can be added. Seems like it was unable to renew the SSL cert (using DNS challenge in my case) and the process that was trying is re-spawned, even on --force-recreate container restart, even after SSL certificate deletion. Also using v2.8.1.

at-cf avatar Apr 23 '21 16:04 at-cf

A followup on this, I noticed certb has a new process id everytime i check. The commands below are run in quick succession, certb seems to be failing/restarting in an endless loop.

[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27412 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# kill 27412
bash: kill: (27412) - No such process
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27897 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27947 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27988 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27990 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28041 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28043 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28045 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28086 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28141 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28182 root      0:00 grep certb
[root@docker-504864c54ac4:/app]#

kamegami13 avatar May 03 '21 17:05 kamegami13

A followup on this, I noticed certb has a new process id everytime i check. The commands below are run in quick succession, certb seems to be failing/restarting in an endless loop.

[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27412 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# kill 27412
bash: kill: (27412) - No such process
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27897 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27947 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27988 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
27990 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28041 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28043 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28045 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28086 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28141 root      0:00 grep certb
[root@docker-504864c54ac4:/app]# ps -ef | grep certb
28182 root      0:00 grep certb
[root@docker-504864c54ac4:/app]#

grep certb is the process of you doing grep certb command at current time, it's not certbot process.

tarkh avatar May 14 '21 20:05 tarkh

I am not sure when exactly certbot does this, but there are two things you can do to fix this:
Kill the second certbot process if it is indeed running as already answered by others:

ps -ef | grep certb
kill <process id from prev. command>

The other possibility is that there isn't actually a second process running, but there is a lockfile left somewhere by certbot, which you can delete by running:

find / -type f -name ".certbot.lock" -exec rm {} \;

Unfortunately I don't think there is a "fix" to prevent this from occuring except to switch away from certbot, which is planned for v3.

Source

chaptergy avatar Oct 13 '21 16:10 chaptergy

I have the same issue, but something that is really weird, is that ps doesn't seem to be installed:

sudo docker compose exec app bash
[root@docker-c661c56fc90a:/app]# ps
bash: ps: command not found

How can this be? What am i missing?

eitch avatar Sep 08 '22 05:09 eitch

After installing procps ps is available. I find it weird that such a tool is missing, but so much other tools are available... Anyhow, i solved my issue. Thanks

eitch avatar Sep 08 '22 06:09 eitch

After installing procps ps is available. I find it weird that such a tool is missing, but so much other tools are available... Anyhow, i solved my issue. Thanks

Same situation for me. I think this issue should be something about certbot getting hung, and not having a way to clear it out.

Trolann avatar Jan 10 '23 21:01 Trolann

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Mar 18 '24 01:03 github-actions[bot]