Hi guys, I have a problem with my auto-renewing certificate. I am using the dns-route53 plugin, which is working perfectly. I need the renewal to happen automatically, without even entering commands like certbot renew or something similar.
My domain is: example.com
I ran this command: cat /etc/letsencrypt/renewal/example.com.conf
It produced this output:
# renew_before_expiry = 30 days
version = 1.11.0
archive_dir = /etc/letsencrypt/archive/example.com
and all the other things down
My web server is (include version): apache
The operating system my web server runs on is (include version): amazon linux 2
My hosting provider, if applicable, is: aws
I can login to a root shell on my machine (yes or no, or I don't know): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0
So my question is: if I uncomment the # renew_before_expiry = 30 days line, will the auto-renewal happen automatically when = 30 days?
Thanks in advance. There are no cron jobs.
No, Certbot will renew from 30 days anyway (when running certbot renew), that's the default. The line you're mentioning should be left untouched.
Well, there's your problem. Certbot isn't a daemon/service itself, it just runs once and then quits. It can't magically start renewing certs, it needs a cronjob or systemd timer to run certbot renew periodically, usually twice a day.
Depending on how you installed Certbot, a systemd timer would already be provided. And some distribution packages also add a cronjob.
I did that last time (sudo certbot renew); now it is day 30 before expiring and it is not auto-renewed. Do you need to see any specific configuration?
Okay, I will give you the output, but I now saw an error:
Failed to renew certificate example.com with error: Unable to locate credentials
To use certbot-dns-route53, configure credentials as described at https://boto3.readthedocs.io/en/latest/guide/configuration.html#best-practices-for-configuring-credentials and add the necessary permissions for Route53 access.
The problem is that nothing has changed. I didn't change the AWS keys or anything like that on the Amazon Linux machine, and the policy is also attached to the user. arghhh
That works too instead of environment variables of course
That depends. As said before, Certbot is not a daemon/service, but needs a cronjob or systemd timer to have certbot renew (with or without sudo, depending on the user of the cronjob) run twice a day.
So basically, if I now run certbot renew again, it will give me output that the certificate does not need to be renewed? And I need a cronjob that runs certbot renew 2 times a day, so it will check twice every day, and when it reaches 30 days before expiry the cron job will renew the cert?
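An added example, not part of the original thread: a wrapper for the scheduled job that first checks whether the account running it can see AWS credentials (the "Unable to locate credentials" case above) and only then calls certbot renew. The function names, the install path and the cron schedule are assumptions, and the check covers only environment variables and the shared credentials file.

```shell
#!/bin/sh
# Added example, not from the thread. Simplified check: boto3 also accepts
# other sources (for example an EC2 instance role) that are not probed here.

# Print which source would supply AWS credentials; return 1 if none is visible.
aws_cred_source() {
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "environment"
        return 0
    fi
    # AWS_SHARED_CREDENTIALS_FILE relocates the shared credentials file; the
    # default lives under the HOME of whichever user runs the job.
    cred_file="${AWS_SHARED_CREDENTIALS_FILE:-${HOME:-/nonexistent}/.aws/credentials}"
    if [ -r "$cred_file" ] && grep -q '^[[:space:]]*aws_access_key_id' "$cred_file"; then
        echo "file:$cred_file"
        return 0
    fi
    return 1
}

# Succeed only if the file has no group/other permission bits (ls chars 5-10).
cred_file_is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Entry point for the scheduled job: preflight, then renew.
renew_with_preflight() {
    src=$(aws_cred_source) || {
        echo "no AWS credentials visible to $(id -un) (HOME=$HOME)" >&2
        return 1
    }
    case "$src" in
        file:*)
            if ! cred_file_is_private "${src#file:}"; then
                echo "credentials file is accessible to other users" >&2
                return 1
            fi ;;
    esac
    certbot renew --quiet
}

# Hypothetical install path; root crontab entry running twice a day:
#   17 3,15 * * * /usr/local/sbin/certbot-renew.sh renew
if [ "${1:-}" = "renew" ]; then
    renew_with_preflight
fi
```

Running the script by hand as the same user the cron job uses shows whether the credentials are visible in that context before the next scheduled run.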