What's new

Router restarting letsencrypt service every five minutes

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Neil Horowitz

Occasional Visitor
My RT-AC66U B1 router is showing in its system log that the letsencrypt service is restarting every five minutes. There are hundreds of instances of this posted every day as shown here:
May 11 02:05:00 rc_service: service 30329:notify_rc restart_letsencrypt
May 11 02:10:00 rc_service: service 30480:notify_rc restart_letsencrypt
May 11 02:15:00 rc_service: service 30629:notify_rc restart_letsencrypt
May 11 02:20:00 rc_service: service 30778:notify_rc restart_letsencrypt
May 11 02:25:00 rc_service: service 30928:notify_rc restart_letsencrypt
May 11 02:30:00 rc_service: service 31078:notify_rc restart_letsencrypt
May 11 02:35:00 rc_service: service 31232:notify_rc restart_letsencrypt
May 11 02:40:00 rc_service: service 31382:notify_rc restart_letsencrypt
May 11 02:45:00 rc_service: service 31532:notify_rc restart_letsencrypt

Is this normal or some type of error condition?
 
I suspect your Let's Encrypt certificate is failing to validate/renew for some reason. No way to tell what actual reason, code is closed source. I would recommend disabling Let's Encrypt in your case.
 
I had the same issue with beta1 I'm not sure if it's fixed with beta2 or reboot but all OK now.
 
I suspect your Let's Encrypt certificate is failing to validate/renew for some reason. No way to tell what actual reason, code is closed source. I would recommend disabling Let's Encrypt in your case.
I have the same message, I disabled let’s Encrypt but still have the message every 5 minutes in the log file.
Édit: Sorry, stop having the message after disabling « let’s Encrypt »
 
Last edited:
I was searching for this as I'm having the same issue. I did some digging, and found this. "*/5 * * * * service restart_letsencrypt #LetsEncrypt#" has been added to cru. What I was searching for is a possible reason for this being there to restart so frequently. I haven't found anything so far.

This is everything that was in cru:

*/5 * * * * /jffs/scripts/ntpmerlin generate #ntpMerlin#
*/5 * * * * /jffs/scripts/connmon generate #connmon#
25 8 * * * sh /jffs/scripts/firewall banmalware #Skynet_banmalware#
25 1 * * Mon sh /jffs/scripts/firewall update #Skynet_autoupdate#
*/2 * * * * /etc/openvpn/server1/vpns-watchdog1.sh #CheckVPNServer1#
*/2 * * * * /etc/openvpn/server2/vpns-watchdog2.sh #CheckVPNServer2#
0 * * * * sh /jffs/scripts/firewall save #Skynet_save#
*/5 * * * * service restart_letsencrypt #LetsEncrypt#

The log entry that I get is this: "custom_script: Running /jffs/scripts/service-event (args: restart letsencrypt)"

When I checked the service-event script it has this:

/jffs/scripts/YazFi bounceclients "$1" "$2" & # YazFi Guest Networks
/jffs/scripts/ntpmerlin generate "$1" "$2" & # ntpMerlin
/jffs/scripts/connmon generate "$1" "$2" & # connmon

When I grep the scripts in this there is nothing that comes back for letsencrypt. So I'm unsure why the log entry is referencing that script.

After disabling letsencrypt the cru entry was removed.

After re-adding it, this was added to cru: "49 6 */7 * * service restart_letsencrypt #LetsEncrypt#"

Here is what is in cru as of now:

*/5 * * * * /jffs/scripts/ntpmerlin generate #ntpMerlin#
*/5 * * * * /jffs/scripts/connmon generate #connmon#
*/2 * * * * /etc/openvpn/server1/vpns-watchdog1.sh #CheckVPNServer1#
*/2 * * * * /etc/openvpn/server2/vpns-watchdog2.sh #CheckVPNServer2#
25 9 * * * sh /jffs/scripts/firewall banmalware #Skynet_banmalware#
25 1 * * Mon sh /jffs/scripts/firewall update #Skynet_autoupdate#
0 * * * * sh /jffs/scripts/firewall save #Skynet_save#
49 6 */7 * * service restart_letsencrypt #LetsEncrypt#

I'm going to monitor it for awhile and see if it changes back to 5 min. If it doesn't I'll call it good to go. The only thing that I had done before this started was install connmon, but I don't see anything in the scripts that would have changed it.

I'm running 384.11 beta 2
 
Last edited:
I suspect your Let's Encrypt certificate is failing to validate/renew for some reason. No way to tell what actual reason, code is closed source. I would recommend disabling Let's Encrypt in your case.

I know this is an old thread - but interestingly I have had the same problem on an intermittent basis since installing 384-10 on my RT-AC5300 [not in prior versions]. As far as I could tell - the problem occurs after a reboot when the WAN takes a little longer than normal to connect and the router has already tried to validate the LetsEncrypt certificate but fails [for obvious reasons].

As @RMerlin has said this particular routine is closed source - but I suspect it is at this moment that the LetsEncrypt cron job is changed to every 5 minutes ... and the Asus closed code allows the router to continue its boot process.

My fix is simply to navigate to the DDNS Tab under gui WAN settings - and without changing anything - simply click the "Apply" button. This seems to force a proper certificate validation [with inadyn log lines] and ..."walla" ... the cron job for LetsEncrypt reverts to the configured time setting on that WAN tab [default is 21 days]. No more 5 minute interval restarts of LetsEncrypt!

When the WAN does connect really quickly and is up before LetsEncrypt tries to validate ... and succeeds - the every 5 minutes restart problem does not occur and the cron job time settings for LetsEncrypt remains at default described above.

Hope this helps other users who encounter the problem ;).
 
I know this is an old thread - but interestingly I have had the same problem on an intermittent basis since installing 384-10 on my RT-AC5300 [not in prior versions]. As far as I could tell - the problem occurs after a reboot when the WAN takes a little longer than normal to connect and the router has already tried to validate the LetsEncrypt certificate but fails [for obvious reasons].

As @RMerlin has said this particular routine is closed source - but I suspect it is at this moment that the LetsEncrypt cron job is changed to every 5 minutes ... and the Asus closed code allows the router to continue its boot process.

My fix is simply to navigate to the DDNS Tab under gui WAN settings - and without changing anything - simply click the "Apply" button. This seems to force a proper certificate validation [with inadyn log lines] and ..."walla" ... the cron job for LetsEncrypt reverts to the configured time setting on that WAN tab [default is 21 days]. No more 5 minute interval restarts of LetsEncrypt!

When the WAN does connect really quickly and is up before LetsEncrypt tries to validate ... and succeeds - the every 5 minutes restart problem does not occur and the cron job time settings for LetsEncrypt remains at default described above.

Hope this helps other users who encounter the problem ;).

I encountered the very same problem on 384.14_2 and this simple trick fixed it. Thank you! :)
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top