Automatice renew not working, certbot.renew.timer missing

wp.rauchholz · December 30, 2022, 4:51pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wo-lar.com

I ran this command:
certbot is installed and certificate is ok. I can also do the try run to renew.
But the timer is missing

systemctl list-timers -all

It produced this output:

NEXT                         LEFT       LAST                         PASSED    UNIT                         ACTIVATES
Fri 2022-12-30 18:12:58 CET  26min left Fri 2022-12-30 16:53:15 CET  53min ago dnf-makecache.timer          dnf-makecache.service
Sat 2022-12-31 00:00:00 CET  6h left    Fri 2022-12-30 00:00:01 CET  17h ago   unbound-anchor.timer         unbound-anchor.service
Sat 2022-12-31 10:08:52 CET  16h left   Fri 2022-12-30 10:08:52 CET  7h ago    systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a                          n/a        n/a                          n/a       certbot-renew.timer          certbot-renew.service

My web server is (include version):

httpd-2.4.37-51.module+el8.7.0+1059+126e9251.x86_64

The operating system my web server runs on is (include version):

Rocky Linux 8
kernel-4.18.0-425.3.1.el8.x86_64

My hosting provider, if applicable, is:
NA

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot --version

How can I fix this?

Thanks, Wolfgang

Osiris · December 30, 2022, 4:55pm

How did you install Certbot?

NB: the question is asking about the output of that command, not literally type over which command you would need to use.

rg305 · December 30, 2022, 4:56pm

Did you install, then remove, then reinstall certbot [via multiple methods]?

_az · December 30, 2022, 9:04pm

I assume you installed Certbot from EPEL8, which is packaged by third-party volunteers and not the Certbot team. You are free to install Certbot this way but is not the recommended installation method.

My understanding is that the Certbot package from EPEL is supposed to enable the renewal timer by default.

Originally, it did not, for some Fedora policy reason.

Then, Certbot was included in the list of packages that would be enabled by default.

Then, there was a bug which prevented it from being enabled properly, but it was fixed.

I tried installing Certbot from EPEL on CentOS 7, RockyLinux 8 and AlmaLinux 8, and the timer was not enabled by default on any of them. So I assume something is not working as intended and somebody probably needs to file a bug with EPEL.

Anyway, this should do the trick:

systemctl enable --now certbot-renew.timer

wp.rauchholz · December 31, 2022, 8:35am

Thank you!

That solved the problem.

Best regards,

system · January 30, 2023, 8:35am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.