My web server is (include version): Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version): CentOS Linux release 7.8.2003 (Core)
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot --version
certbot 1.13.0
======================================
How do I find out how my cert is being auto renewed when I am not using certbot-auto and I am not running any script via crontab and the systemd service for certbot is not being used? In short, I cannot determine what/how my certbot is getting renewed (and it is getting renewed).
I would look in /var/log and grep some files for "letsencrypt" and "acme". you can also try to pin down the timing with the date in the active certificate. that may give you a hint about what client was invoked.
Found the above in the /etc/letsencrypt/renewal/account.conf file. Does this indicate that Apache handles the renewal processing?
The log file /var/log/letsencrypt/letsencrypt.log also shows:
2021-03-18 06:05:02,200:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-03-18 06:05:02,200:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/account.conf
2021-03-18 06:05:02,214:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7fd6694ecd90> and installer <certbot._internal.cli.cli_utils._Default object at 0x7fd6694ecd90>
2021-03-18 06:05:02,229:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-03-18 06:05:02,278:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-03-18 06:05:02,279:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/account.org/xxx.pem is signed by the certificate's issuer.
2021-03-18 06:05:02,286:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/account.org/xxx3.pem is: OCSPCertStatus.GOOD
2021-03-18 06:05:02,288:INFO:certbot._internal.renewal:Cert not yet due for renewal
2021-03-18 06:05:02,288:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-03-18 06:05:02,290:DEBUG:certbot._internal.plugins.selection:Selecting plugin: * apache
Description: Apache Web Server plugin
No, the other way around: certbot uses Apache for its authentication processing.
Certbot requires to be envoked by something: it doesn't just run on its own (although OS packages may add cronjobs or systemd timers).
Did you check the cronjob for the root user? You probably did, but it's easy to run crontab -l as the usual user and forget it doesn't list the root crontabs.
Also, to be clear: certbot-auto was just a wrapper script around the certbot program. It didn't make certbot auto-run or something like that.
Those are just the standard account directories used by certbot.
Perhaps you might see a pattern in the envocation of certbot in the logs from /var/log/letsencrypt. As far as I know, certbot generates a new log every time it runs. Your most recent log was apparently run today at 06:05. The most commonly used cronjob or systemd timers installed by OS packages are twice a day, but (unfortunately for diagnosing this issue) often include a random delay so the Let's Encrypt servers don't get peak usage at the whole hour. However, you might see logs appearing twice a day, which might hint to some kind of hidden (?) cronjob or systemd timer.