Cerbot cron job?

Hello @GlouGlou,

Yes, the debian certbot package includes a cron job, well, it indeed includes a cron job and a systemd timer.

cronjob
You should have it here /etc/cron.d/certbot

The content of this file:

# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

This cron job will be executed every 12 hours. If the file /usr/bin/certbot has the exe perms… AND there is no dir /run/systemd/system it will execute the renew command but If it detects this dir /run/systemd/system/ exists is because you are running systemd so it won’t execute the renew command. It won’t run the renew command because there is a systemd timer (a kind of cron job used by systemd) that was configured when you installed the certbot package.

systemd timer

You can check your systemd timers using command systemctl list-timers or systemctl list-timers --all if you also want to show inactive timers. Something like this:

# systemctl list-timers --all
NEXT                         LEFT     LAST                         PASSED    UNIT                         ACTIVATES
Sun 2016-12-11 00:00:00 CET  9h left  Sat 2016-12-10 13:48:13 CET  38min ago certbot.timer                certbot.service
Sun 2016-12-11 14:03:12 CET  23h left Sat 2016-12-10 14:03:12 CET  23min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a                          n/a      n/a                          n/a       systemd-readahead-done.timer systemd-readahead-done.service

3 timers listed.

The certbot timer should be here /lib/systemd/system/certbot.timer and it will execute the command specified here /lib/systemd/system/certbot.service

certbot.timer will execute the certbot.service at 12 am and 12 pm.

# cat /lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=3600
Persistent=true

[Install]
WantedBy=timers.target

and certbot.service will execute the renew command.

# cat /lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

I hope this helps.

Cheers,
sahsanu