Automatic Renewal of certifications: what's the correct procedure?

Help
22

@EmberHeartshine
Following the indications found here:

04ServerGuide
crontabUbuntu18.04ServerGuide.jpg2523×3133 594 KB
I added this line

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep
 int(rand(43200))' && certbot -q renew

to the crontab file

Based on the hints found here: https://serverfault.com/questions/790772/cron-job-for-lets-encrypt-renewal, I also systemctl enabled certbot.timer :

marco@pc01:/etc/cron.d$ systemctl enable certbot.timer
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ===
Authentication is required to manage system service or unit files.
Authenticating as: marco
Password: 
==== AUTHENTICATION COMPLETE ===
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ===
Authentication is required to reload the systemd state.
Authenticating as: marco
Password: 
==== AUTHENTICATION COMPLETE ===

marco@pc01:/etc/cron.d$ systemctl start certbot.timer
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'certbot.timer'.
Authenticating as: marco
Password: 
==== AUTHENTICATION COMPLETE ===


marco@pc01:/etc/cron.d$ sudo systemctl list-timers
[sudo] password for marco: 
NEXT                         LEFT        LAST                         PASSED       UNIT  
                         ACTIVATES
Sat 2019-07-20 02:53:15 UTC  8h left     Fri 2019-07-19 14:14:58 UTC  3h 40min 
  ago motd-news.timer              motd-news.service
Sat 2019-07-20 05:30:07 UTC  11h left    Fri 2019-07-19 13:26:36 UTC  4h 28min 
 ago certbot.timer                certbot.service
Sat 2019-07-20 05:33:22 UTC  11h left    Fri 2019-07-19 13:26:36 UTC  4h 28min
 ago apt-daily.timer              apt-daily.service
Sat 2019-07-20 06:34:30 UTC  12h left    Fri 2019-07-19 13:26:36 UTC  4h 28min
 ago apt-daily-upgrade.timer      apt-daily-upgrade.service
Sat 2019-07-20 13:41:58 UTC  19h left    Fri 2019-07-19 13:41:58 UTC  4h 13min
 ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Mon 2019-07-22 00:00:00 UTC  2 days left Mon 2019-07-15 06:23:55 UTC  4
 days ago   fstrim.timer                 fstrim.service
n/a                          n/a         Fri 2019-07-19 13:28:50 UTC  4h 26min ago   
ureadahead-stop.timer        ureadahead-stop.service

7 timers listed.
Pass --all to see loaded but inactive timers, too.

As far as I understand the renewal process should now restart properly… am I right or is there something more to do and / or to fix?

And another thing I do not understand is that in this file

 nano /lib/systemd/system/certbot.timer 

[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target

seems that it is already set to run certbot twice a day… why it didn’t happen then?

Thanks again for your kind help.
Marco

23

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.