SNAPSHOT update broke cron?

A SNAPSHOT upgrade has broken my acme configuration and I'm stumped as to how to fix it.

The symptoms are that crond tries to run the acme service every minute, as evidence by the log entries:

Wed Dec 11 16:21:00 2024 cron.err crond[15173]: line /etc/init.d/acme start
Wed Dec 11 16:22:00 2024 cron.err crond[15173]: wakeup dt=60
Wed Dec 11 16:22:00 2024 cron.err crond[15173]: file root:
Wed Dec 11 16:22:00 2024 cron.err crond[15173]: line /etc/init.d/acme start
Wed Dec 11 16:23:00 2024 cron.err crond[15173]: wakeup dt=60
Wed Dec 11 16:23:00 2024 cron.err crond[15173]: file root:
...

I have checked the crontab entry, and for stray characters:

0 0 * * * /etc/init.d/acme start

I have checked the file permissions of the acme script:

root@openwrtfritz7530:~# ls -vl /etc/init.d/acme
-rwxr-xr-x 1 root root 3819 Dec 9 10:21 /etc/init.d/acme

The script runs from the command line as the user root:

root@openwrtfritz7530:~# /etc/init.d/acme start
acme-acmesh: Running ACME for *.example.org with validation_method dns
acme-acmesh: /usr/lib/acme/client/acme.sh --ecc --renew --home /etc/acme -d .example.org
Renew: '
.example.org'
Renew to Le_API=https://acme.zerossl.com/v2/DV90
Skip, Next renewal time is: 2025-02-08T14:26:54Z
Add '--force' to force to renew.

I uninstalled acme with a view to reinstalling it. This broke apk update, probably because of wget vs. uclient-fetch or/and a resulting missing certificate. A re-update fixed that. Also tried apk repair which made no difference.

By way of background, I have the following packages installed acme acme-acmesh-dnsapi & luci-app-acme.

Thoughts gratefully received.

Further testing on another OpenWRT device makes me think the route cause is cron rather than anything to do with acme. Creating as harmless a command as possible causes the similar log entries, even when later deleting the crontab file.

Just remove the cron debug logging setting from /etc/config/system and restart the cron service or reboot:

cronloglevel
5 = debug
7 = normal
9 = quiet/disabled

If you have configured the logging normal (or have no cronloglevel setting), system log shows the cron startup with level 7:

 OpenWrt SNAPSHOT, r28292-8108967e27
 -----------------------------------------------------
root@router6000:~# logread | grep cron
Wed Dec 11 19:56:59 2024 cron.err crond[2698]: crond (busybox 1.37.0) started, log level 7

(Fun fact: behaviour change is due to upstream Busybox fix of their cron log level handling.)

2 Likes

Unrelated contributors to the difficulty in understanding my symptoms are that acme seems to store certificates in /etc/acme whereas luci-app-acme expects them in /etc/ssl/acme. Thus it appears that acme isn't being called, whereas it is actually being called but just doing nothing. Then also, luci-app-acme asks for ec-256 certificates and acme expects ec256 with the hyphen. True but not material.

I will have updated this thread when I find now that I have logged the solutions to these issues (having already posted them in the right thread~~)~~.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.