Christian's picture

Hi :-)

I hope someone can help me out. A couple of month ago I replaced my turnkey wordexpress (running on VMware ESXi) with the latest version. I did the backup followed by restore (local - not cloud) and everything worked fine... Until my lets encrypts certificate ran out.

Now - when I try to renew the certificate (manyally) in "confconsole" I get this error: 

dehydrated-wrapper: FATAL :
dehydrated exited with a non-zero exit code


When I look in this file:  /var/log/confconsole/letsencrypt.log - I see this:

[2021-08-25 15:34:28] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2021-08-25 15:34:28] dehydrated-wrapper: WARNING: Python is still listening on port 80
[2021-08-25 15:34:28] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert, key and combined files.
[2021-08-25 15:34:29] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.

When I look at older log lines - I also see this:

[2021-07-31 00:50:01] cron: /etc/ssl/private/cert.pem has expired or will do so within 30 days. Attempting renewal.
/etc/dehydrated/ line 54: this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script: command not found

Does anyone have a clue on what the problem is ? My wordpress is still runing with expired certificate 

Jeremy Davis's picture

The dehydrated hook script is provided as part of the Confconsole Let's Encrypt plugin. But it is only copied from the store to the config directory if it doesn't already exist. It looks like you have a very old outdated version of it.

To get the latest version, first double check that you have the latest Confconsole:

apt update
apt install confconsole -y

The second line should either ensure that the latest version of Confconsole or install it. Either way, you should end up with version '2.0.2+5+g6f65330'.

Then remove the existing hook script:

rm /etc/dehydrated/

Now open Confconsole (via 'confconsole' command) and get a new LE cert. Everything should now "just work"...

Christian's picture

Thank you so much ! I Followed your steps and everything works now.


Another side questions (not important) - I have three (I think default) themes that are not able to update or able to delete. when trying to update, I get this:

The update process is starting. This process may take a while on some hosts, so please be patient.

Updating Theme Twenty Fifteen (1/1)

Downloading update from…
Unpacking the update…
Installing the latest version…
Removing the old version of the theme…
Theme update failed.

An error occurred while updating Twenty Fifteen: The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions. js, inc, genericons, css

All updates have been completed.


Its not important since im not using them - just wondering why I cannot update or delete - maybe you have a quick fix :-) ?


Thanks again !

Jeremy Davis's picture

Sounds like a permissions issue?! Try this:

chown -R www-data:www-data /var/www/wordpress

Then retry...

Also for what it's worth, as of v16.0+ the TurnKey WordPress appliance includes the wp-cli tool; along with a 'turnkey-wp' wrapper script. The wrapper script will run the relevant 'wp' command as the 'www-data' (webserver user account) and should ensure that the permissions remain as they should for interactive web UI updates and changes.

Christian's picture

Thanks again! it worked.

Guido's picture

Notworking unfortunately. Keep getting the same errors.

Jeremy Davis's picture

I'm more than happy to help out, but I need some more info.

Also, while it may be similar to the issues noted here, it's quite an old thread, so it's likely your issue isn't related to this thread. So it's best to start a new support thread of your own.

Please be sure to include the version of turnkey you are running, the underlying Debian version (it should match the turnkey version, but perhaps not?) plus the version of confconsole. I.e. the output of:

lsb_release -a
apt-cache policy confconsole

Also in the case of a Let's Encrypt cert not working, please provide the domain which you are trying to use. That allows me to double check that everything looks ok from outside.

Finally please include any other info that might be of value. E.g. where your sever is running. Whether it was previously working and now stopped, or whether this is a new set up, etc.

Add new comment