Renew Let's Encrypt without root access
I'm in a peculiar and unfortunate situation where our network administrator suddenly passed away and no one was prepared for taking over the server management. We have an internal Linux VM that runs client-facing APIs and I just received notice that the Let's Encrypt SSL will expire on 7/1/2021.
I am not sure if the network admin set it to auto-renew... There is no mention of certbot in the "normal" crontab (accessed by crontab -e), but there is the following in /etc/cron.d/certbot:
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
Note: I am not familiar with any of this, so my descriptions above may be off...
I have SSH access via a user on the server, but not root access. It doesn't seem like the network admin stored the root password anywhere. If I try to manually renew the SSL just to be safe via certbot renew --dry-run, I get the following:
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
So, is there any way to know for sure if the existing SSL will eventually auto-renew on its own, or a way to renew without root access?
Thanks in advance.
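The cron entry quoted in the question only runs certbot when /run/systemd/system is absent, so on a systemd host renewal is left to certbot.timer instead. The checks below need no root; they are an added example, not part of the original post. The function names, the --check flag and the 30-day threshold (certbot's default renewal window for 90-day certificates) are assumptions of this example, and GNU date is assumed.

```bash
#!/usr/bin/env bash
# Added example: non-root checks for whether certbot auto-renewal is working.

# Which scheduler is responsible for "certbot renew"? The packaged cron line
# is guarded by `test ... -a \! -d /run/systemd/system`, so when that
# directory exists the cron job is a no-op and certbot.timer does the work.
renewal_scheduler() {
    local systemd_dir="${1:-/run/systemd/system}"
    if [ -d "$systemd_dir" ]; then echo "systemd-timer"; else echo "cron"; fi
}

# Classify a certificate by days remaining. Assumption: certbot renews once
# fewer than 30 days are left, so a served certificate below that threshold
# means renewal has not succeeded yet.
renewal_status() {
    local days_left="$1"
    if [ "$days_left" -lt 0 ]; then echo "expired"
    elif [ "$days_left" -lt 30 ]; then echo "overdue"
    else echo "ok"; fi
}

# Days until notAfter of the certificate the server actually presents.
days_left_for_host() {
    local host="$1" port="${2:-443}" end
    end=$(echo | openssl s_client -connect "$host:$port" -servername "$host" \
          2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2) || return 1
    [ -n "$end" ] || return 1
    echo $(( ( $(date -d "$end" +%s) - $(date +%s) ) / 86400 ))
}

# Run as: ./check-renewal.sh --check HOSTNAME  (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    host="${2:?usage: $0 --check HOSTNAME}"
    echo "scheduler: $(renewal_scheduler)"
    # Listing timers is permitted for unprivileged users.
    systemctl list-timers --all certbot.timer 2>/dev/null || true
    if days=$(days_left_for_host "$host"); then
        echo "$host: $days days left ($(renewal_status "$days"))"
    else
        echo "$host: could not read the served certificate" >&2
    fi
fi
```

An "overdue" result together with a timer that shows recent runs points at a failing renewal rather than a missing schedule.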
If you want to replace this certificate (if it won't renew itself) without downtime, I see only one option: a reverse proxy on a second server.
All in all, you will have to break in. The easiest way is to reboot the server, add the boot parameters "single init=/bin/bash", use passwd to change the password and then reboot again. There might be some additional steps depending on the distro; you will find instructions on the internet easily.