Automatic cert renewal is broken (possibly due to cron env?)
I'm consistently finding that the certbot renewal cronjob fails when a certificate actually needs renewing. It looks like the ACME challenge request that certbot makes to the server returns a 404 page instead of the correct response. When I run the exact same command from the crontab in a shell, it works fine and the certificate gets renewed. Possibly there's something missing from the environment cron runs commands in?
This is what the error looks like (redacting my domain name, IP, and the actual ACME challenge path):
Challenge failed for domain example.com
http-01 challenge for example.com
Reporting to user: The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from https://example.com/.well-known/acme-challenge/SoMeR4Nd0mJuNk [my ip address]: "\n<!doctype html>\n<html lang=\"en\">\n<head>\n <title>Not Found</title>\n</head>\n<body>\n <h1>Not Found</h1><p>The requested resource"