May I ask whether the automatic renewal of Cerbort is that I don't need to manage as long as I get the certificate, or I need to execute the command to renew the certificate at the time, and whether the automatic renewal generates a new certificate or adds time to the original certificate
Depends on how Certbot was installed and if a cronjob/systemd timer was also installed with that installation.
The latter is technically impossible: the certificates signature would be invalidated if the contents of the certificate is modified. Thus every change in the contents of a certificate requires the issuance of, technically, a brand new certificate. A "renewed certificate" is just a "made up" term for a new certificate with the same contents of a previous certificate.
1 Like
Is cronjob/systemd installed by default?
1 Like
use the bash install(snap install --classic certbo)
When installed using snap, Certbot should automatically renew using its snap systemd timer.
2 Likes
So, I don't need to manipulate him anymore, he will automatically renew my subscription
Yes. A cert "renewal" is really getting another cert. We call it a "renewal" when it contains the same set of domain names as a previous one. And, Certbot's timer runs its "renew" command to renew any cert you previously requested with Certbot
Your cert request and its domain names will have to satisfy the same "challenge" used when you first got that cert. But, yes, as long as you keep satisfying these challenges you will get a fresh set of cert files that replace your previous ones.
Sometimes the service (like a web server) needs to be reloaded so it sees the new cert files. You did not give any details about your system so I can't be any more specific than that.
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.