Cerbot cron job?


#1

Hi all,

I have installed cerbot with apt-get install python-certbot-apache -t jessie-backports on my debian jessie, and make’s my cerficates with no problem, but I see on page :

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire.

but I didn’t see this cron job on my system ???
I trying to desinstall and reinstall but still no cron job. May be a bug …

Any link to download this original file ?
Thx.


#2

It’s a Debian thing, not something certbot itself would do.


#3

So, this cronjob is not include with the debian package ?


#4

Yes, it comes with the Debian package, but that package is not something Let’s Encrypt makes, but the Debian maintainers :wink:


#5

Hello @GlouGlou,

Yes, the debian certbot package includes a cron job, well, it indeed includes a cron job and a systemd timer.

cronjob
You should have it here /etc/cron.d/certbot

The content of this file:

# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

This cron job will be executed every 12 hours. If the file /usr/bin/certbot has the exe perms… AND there is no dir /run/systemd/system it will execute the renew command but If it detects this dir /run/systemd/system/ exists is because you are running systemd so it won’t execute the renew command. It won’t run the renew command because there is a systemd timer (a kind of cron job used by systemd) that was configured when you installed the certbot package.

systemd timer

You can check your systemd timers using command systemctl list-timers or systemctl list-timers --all if you also want to show inactive timers. Something like this:

# systemctl list-timers --all
NEXT                         LEFT     LAST                         PASSED    UNIT                         ACTIVATES
Sun 2016-12-11 00:00:00 CET  9h left  Sat 2016-12-10 13:48:13 CET  38min ago certbot.timer                certbot.service
Sun 2016-12-11 14:03:12 CET  23h left Sat 2016-12-10 14:03:12 CET  23min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a                          n/a      n/a                          n/a       systemd-readahead-done.timer systemd-readahead-done.service

3 timers listed.

The certbot timer should be here /lib/systemd/system/certbot.timer and it will execute the command specified here /lib/systemd/system/certbot.service

certbot.timer will execute the certbot.service at 12 am and 12 pm.

# cat /lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=3600
Persistent=true

[Install]
WantedBy=timers.target

and certbot.service will execute the renew command.

# cat /lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

I hope this helps.

Cheers,
sahsanu


Why is certbot attmepting renewal daily?
So many logfiles
CertBot Error, Too many certificates already issued
Certbot on Debian - Cron Job Configuration Not Working As Expected - Work when Command is Run in Bash
Updating my e-mail address with certbot
Https says certificate expired. certbot says it's good
#6

Thx so much sahsanu for all this informations.
I’m going to control and create this.
(but the question is why the cronjob file doesn’t being created when install ?)


#7

Hi @GlouGlou,

If you have the file /etc/cron.d/certbot then it was installed (you won’t see it if as root executes crontab -l). Maybe you installed a certbot package with some kind of bug, or previous to version 0.6.0-1 (here the changelog)… I don’t know but if it is not there then you could purge certbot using apt-get and and reinstall it and your cronjob should be there.

Cheers,
sahsaun


#8

No, I have controlled before posting here, and no /etc/cron.d/certbot ?!?!?
I also have tested a reinstall and the file still not created …
But with your help, I manually create the cron job.

One more time, thx so much sahsanu.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.