Do I understand correctly that the certbot-auto renew command renews the certificate when it is more than 60 days old?
For example, I issued a certificate and now every 12 hours, will it execute my command and if the certificate is older than 60 days, will it be renewed?
Looking at how this is written, it does not support automatic renewal. The required TXT record will be different at every renewal, and will require human intervention.
You need to add a --manual-auth-hook if you want this to be automatic.
You still need to put it in your router, but certbot remembers that you ran the script once, and it runs it again without being told. (You should use --deploy-hook for that, not --post-hook)
It's unadvisable, you should use --dry-run, or you can just make certbot install the cert with certbot install --cert-name $CERT_NAME --deploy-hook /path/to/your/script.sh
--pre-hook PRE_HOOK Command to be run in a shell before obtaining any
certificates. Intended primarily for renewal, where it
can be used to temporarily shut down a webserver that
might conflict with the standalone plugin. This will
only be called if a certificate is actually to be
obtained/renewed. When renewing several certificates
that have identical pre-hooks, only the first will be
executed. (default: None)
--post-hook POST_HOOK
Command to be run in a shell after attempting to
obtain/renew certificates. Can be used to deploy
renewed certificates, or to restart any servers that
were stopped by --pre-hook. This is only run if an
attempt was made to obtain/renew a certificate. If
multiple renewed certificates have identical post-
hooks, only one will be run. (default: None)
--deploy-hook DEPLOY_HOOK
Command to be run in a shell once for each
successfully issued certificate. For this command, the
shell variable $RENEWED_LINEAGE will point to the
config live subdirectory (for example,
"/etc/letsencrypt/live/example.com") containing the
new certificates and keys; the shell variable
$RENEWED_DOMAINS will contain a space-delimited list
of renewed certificate domains (for example,
"example.com www.example.com" (default: None)