About automatic renewal with crontab

My domain is: japan.co.jp

I ran this command:04 14 05 * * sudo /etc/letsencrypt/live/japan.co.jp/renewal.exp && sudo systemctl restart httpd

It produced this output:c
ertificate is issued well, but sudo systemctl restart httpd has not been successful since then

My web server is (include version): Apache/2.4.57

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.11.0

I entered the following commands with crontab
04 14 05 * * I entered the following command with sudo /etc/letsencrypt/live/japan.co.jp/renewal.exp & sudo systemctl restart httpd

but for some reason, sudo systemctl restart httpd does not execute
plz help also Sometimes Renew & replace, I'm instructed to enter a DNS TXT record that's already registered, is this something I ask for regularly?

I appreciate your cooperation

What's that /etc/letsencrypt/live/japan.co.jp/renewal.exp for file? It's not part of Certbot.

Please show the entire, literal output.

1 Like

Thank you for your answer.

What's that /etc/letsencrypt/live/japan.co.jp/renewal.exp for file? It's not part of Certbot.

spawn sudo certbot certonly --manual --preferred-challenges dns --agree-tos --manual-public-ip-log -d japan.co.jp

set timeout 10

expect "Select the appropriate number \[1-2\] then \[enter\]"

send "2\r"

set timeout 10

expect eof


Please show the entire, literal output.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for japan.co.jp
Performing the following challenges:
dns-01 challenge for japan.co.jp

Please deploy a DNS TXT record under the name
_acme-challenge.japan.co.jp with the following value:


Before continuing, verify the record is deployed.

Press Enter to Continue
Waiting for verification...

Cleaning up challenges

I think the command above is only the command that comes out when issuing the certificate for the first time, but why does this command come out periodically

Because for every renewal, a new challenge is required. That's why using the --manual plugin without --manual-auth-hook (and consequently --manual-cleanup-hook) cannot automatically renew. See User Guide — Certbot 2.6.0 documentation for more info.

Using the dns-01 challenge means for automation some sort of API to add and remove the TXT RR is required.

Can't you use the http-01 challenge instead of using DNS?

How usually renewing works is:

  • you get an automated certificate without manual user intervention (besides running the command)
    • with this command use the --deploy-hook to also automate the systemctl restart httpd command from within Certbot at renewal :arrow_right: no separate && command necessary
  • you run certbot renew (with or without sudo, depending on the user) twice a day using a cronjob or systemd timer

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.