Cerbot cron job?

sahsanu · December 10, 2016, 1:42pm

Yes, the debian certbot package includes a cron job, well, it indeed includes a cron job and a systemd timer.

cronjob
You should have it here /etc/cron.d/certbot

The content of this file:

# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

This cron job will be executed every 12 hours. If the file /usr/bin/certbot has the exe perms… AND there is no dir /run/systemd/system it will execute the renew command but If it detects this dir /run/systemd/system/ exists is because you are running systemd so it won’t execute the renew command. It won’t run the renew command because there is a systemd timer (a kind of cron job used by systemd) that was configured when you installed the certbot package.

systemd timer

You can check your systemd timers using command systemctl list-timers or systemctl list-timers --all if you also want to show inactive timers. Something like this:

# systemctl list-timers --all
NEXT                         LEFT     LAST                         PASSED    UNIT                         ACTIVATES
Sun 2016-12-11 00:00:00 CET  9h left  Sat 2016-12-10 13:48:13 CET  38min ago certbot.timer                certbot.service
Sun 2016-12-11 14:03:12 CET  23h left Sat 2016-12-10 14:03:12 CET  23min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a                          n/a      n/a                          n/a       systemd-readahead-done.timer systemd-readahead-done.service

3 timers listed.

The certbot timer should be here /lib/systemd/system/certbot.timer and it will execute the command specified here /lib/systemd/system/certbot.service

certbot.timer will execute the certbot.service at 12 am and 12 pm.

# cat /lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=3600
Persistent=true

[Install]
WantedBy=timers.target

and certbot.service will execute the renew command.

# cat /lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

I hope this helps.

Cheers,
sahsanu

Topic		Replies	Views
Crontab job renewal Server	4	3570	May 20, 2018
Persistence Of cert.org installation Help	12	752	December 8, 2018
Get certificate with nginx plugin but disable cron task possible? Help	10	214	May 26, 2024
How to automate renewal on Debian Buster Help	11	3686	May 21, 2020
Cron job possible problem on ubuntu 16.04 Help	12	2664	November 5, 2017

Cerbot cron job?

Related topics