Certbot-auto fails to install automatic renewal?

I am using kernel 3.10 on CentOS 7. I have successfully installed CertBot 1.10.1 using alternative installation instructions as certbot-auto . Running certbot-auto successfully generated certificates for my nginx (1.7.8) installation. Simulating renewal with the sudo /usr/local/bin/certbot-auto renew --dry-run was also successful.

The problem is that I can not find/confirm that certbot is actually installed for automatic launch. Docs indicate that CentOS EPEL 7 should use systemd. However, running systemctl list-timers --all indicate that there is no timer set up for CertBot. There is nothing in /etc/systemd/system/ related to CertBot. I have checked crontab -l just in case -- nothing.

Why there is no auto-renewal set up?

Is it a mistake in the docs, or am I missing something?

Should I look elsewhere? Should I create the timer/job manually?

certbot 1.10.1

nginx 1.7.8

kernel 3.10.0-123.20.1.el7.x86_64

NAME="CentOS Linux"
VERSION="7 (Core)"
ID_LIKE="rhel fedora"
PRETTY_NAME="CentOS Linux 7 (Core)"


P.S. I have used alternative installation method, because the default CertBot's installation with snapd does not work -- it complains:

error: system does not fully support snapd: cannot read the value of
         fs.may_detach_mounts kernel parameter: open
         /proc/sys/fs/may_detach_mounts: no such file or directory

which I assume means that my kernel version is too old for snapd to work.

1 Like

Did you actually install such a systemd timer? Because that doesn't just happen by itself. The CentOS EPEL 7 docs you're referring to are for certbot installed by the distribution packages, which come with a systemd timer or cronjob in the package. However, you've installed certbot through certbot-auto, which is not the same as installing certbot through a distribution package.

So, to summarize: if you've installed certbot through the (deprecated) certbot-auto wrapper script, you have to install a cronjob or systemd timer for renewal manually.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.