Certbot creates a "task" automatically . Can it be prevented?

Hi,

On Ubuntu 22.04.1

After certbot run

/usr/bin/certbot certonly --manual --preferred-challenges dns -m 'domain@exemple.com' -d '*.exemple.com' --agree-tos -n --manual-auth-hook /root/letsencrypt/certbot-hooked.sh

it creates automatically a task

Certbot has set up a scheduled task to automatically renew this certificate in the background

And indeed systemctl list-timers confirms a timer has been created.

Is there a way (e.g. an option) for certbot not to create that task?
I'd rather handle the renewals myself (crontabs)

Thanks

(sorry if this is a trivial question, the man does not seem to address that question)

I don't know of a way to not create the timer but this post describes how to disable the certbot timer

5 Likes

Certbot itself has not created those tasks, but the installation method of Certbot has. A small and possibly arbitrary, but a difference nontheless. E.g., when installing Certbot using the pip method, no cronjob or systemd timer gets created. Using the Debian or Ubuntu package, the package manager will create the cronjob or systemd timer (which are maintained by Debian resp. Ubuntu maintainers, not the Certbot team). AFAIK when using snap to install Certbot, the snap installer will install a cronjob or systemd timer, which is managed by the Certbot team.

So it depends if and who has decided you'll be getting a systemd timer or cronjob, including the Certbot team in certain packages, but strictly speaking it's not the Certbot Python application doing this.

6 Likes

As a note, for your scheduled task, it's a good idea to use some randomness in the execution time, or at least don't pick midnight UTC. :slight_smile:

7 Likes

In case anyone didn't get the memo:
"Midnight" can occur 24 times per day - LOL

So, don't chose the top of any hour to run the job.

6 Likes

But I believe there is only one UTC Midnight (@ 00:00:00 24 hour time) per day also. :slightly_smiling_face:

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.