A SNAPSHOT upgrade has broken my acme configuration and I'm stumped as to how to fix it.
The symptoms are that crond tries to run the acme service every minute, as evidence by the log entries:
Wed Dec 11 16:21:00 2024 cron.err crond[15173]: line /etc/init.d/acme start
Wed Dec 11 16:22:00 2024 cron.err crond[15173]: wakeup dt=60
Wed Dec 11 16:22:00 2024 cron.err crond[15173]: file root:
Wed Dec 11 16:22:00 2024 cron.err crond[15173]: line /etc/init.d/acme start
Wed Dec 11 16:23:00 2024 cron.err crond[15173]: wakeup dt=60
Wed Dec 11 16:23:00 2024 cron.err crond[15173]: file root:
...
I have checked the crontab entry, and for stray characters:
0 0 * * * /etc/init.d/acme start
I have checked the file permissions of the acme script:
root@openwrtfritz7530:~# ls -vl /etc/init.d/acme
-rwxr-xr-x 1 root root 3819 Dec 9 10:21 /etc/init.d/acme
The script runs from the command line as the user root:
root@openwrtfritz7530:~# /etc/init.d/acme start
acme-acmesh: Running ACME for *.example.org with validation_method dns
acme-acmesh: /usr/lib/acme/client/acme.sh --ecc --renew --home /etc/acme -d .example.org
Renew: '.example.org'
Renew to Le_API=https://acme.zerossl.com/v2/DV90
Skip, Next renewal time is: 2025-02-08T14:26:54Z
Add '--force' to force to renew.
I uninstalled acme with a view to reinstalling it. This broke apk update, probably because of wget vs. uclient-fetch or/and a resulting missing certificate. A re-update fixed that. Also tried apk repair which made no difference.
By way of background, I have the following packages installed acmeacme-acmesh-dnsapi & luci-app-acme.
Further testing on another OpenWRT device makes me think the route cause is cron rather than anything to do with acme. Creating as harmless a command as possible causes the similar log entries, even when later deleting the crontab file.
Unrelated contributors to the difficulty in understanding my symptoms are that acme seems to store certificates in /etc/acme whereas luci-app-acme expects them in /etc/ssl/acme. Thus it appears that acme isn't being called, whereas it is actually being called but just doing nothing. Then also, luci-app-acme asks for ec-256 certificates and acme expects ec256 with the hyphen. True but not material.
I will have updated this thread when I find now that I have logged the solutions to these issues (having already posted them in the right thread~~)~~.