Certbot on CentOS 7 (Cron location question)

My domain is: not needed, I have cert

I ran this command: "yum install certbot python2-certbot-apache"; then I ran: "certbot --apache -d hostname.domain.com -d www.hostname.domain.com

It produced this output: certificate successfully installed

My web server is (include version): Server version: Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS 7.9

My hosting provider, if applicable, is: a VPS.

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

I have installed certificate and it's working fine. I partially followed the instructions here(to get the issue command): Certbot Instructions | Certbot , but I am facing a bit of trouble locating the cron job.

The guide states:

The command to renew certbot is installed in one of the following locations:

  • /etc/crontab/
  • /etc/cron.*/*
  • systemctl list-timers

However, the cronjob is nowhere to be found in those locations. Any ideas where could it be? (The install is brand new from today). Maybe I need to update certbot or something(I am sorry, that I didn't install via snap - I assumed it was still yum and read it later - I only got what I needed from the guide.)?

Yes, in one of those three places (that it's not).

Then please explain more on:

Show us the output of:
[you can obfuscate the domain name(s)]
certbot certificates
certbot renew

[I ask because I think the cron job is only create once a certificate is issued (and would need to be renewed)]

1 Like

[root@server ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: sip.domain.com
Serial Number: 375e8ecf00f17d9c84df37e1efca0dabb4b
Key Type: RSA
Domains: sip.domain.com www.sip.domain.com
Expiry Date: 2022-02-28 20:53:56+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/sip.domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/sip.domain.com/privkey.pem

So there should be a cron job... somewhere.
crontab -l

1 Like

I probably just add another cronjob of certbot renew to crontab every 4am? I don't think it will break anything: at worst case it would look for renew twice as often, which isn't a problem as certbot only renew when it see cert near expire date.


I would now check the LE log file (or wait 24 hours and recheck it then).
If certbot renew has been run (via cron) there would be some evidence of it in the logs.
tail /var/log/letsencrypt/letsencrypt.log


I have waited 24 hours since the installation of certificate - it ran on 1st of December 04:19 MSK time. Now, the time shows: "Thu Dec 2 15:39:31 MSK 2021". However, the latest logs in letsencrypt.log date to 01st of December - 04:19.

2021-12-01 04:19:43,238:DEBUG:certbot._internal.main:certbot version: 1.11.0
2021-12-01 04:19:43,238:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2021-12-01 04:19:43,238:DEBUG:certbot._internal.main:Arguments: []
2021-12-01 04:19:43,238:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-12-01 04:19:43,271:DEBUG:certbot._internal.log:Root logging level set at 20
2021-12-01 04:19:43,271:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-12-01 04:19:43,343:DEBUG:certbot.ocsp:Querying OCSP for /etc/letsencrypt/live/fqdn.mydomain.com/cert.pem
2021-12-01 04:19:43,343:DEBUG:certbot.ocsp:openssl ocsp -no_nonce -issuer /etc/letsencrypt/live/fqdn.mydomain.com/chain.pem -cert /etc/letsencrypt/live/fqdn.mydomain.com/cert.pem -CAfile /etc/letsencrypt/live/fqdn.mydomain.com/chain.pem -verify_other /etc/letsencrypt/live/fqdn.mydomain.com/chain.pem -trust_other -timeout 10 -header Host r3.o.lencr.org -url http://r3.o.lencr.org
2021-12-01 04:19:43,468:DEBUG:certbot.display.util:Notifying user: Found the following certs:
  Certificate Name: fqdn.mydomain.com
    Serial Number: 375e8ecf00f17d9c84df37e1efca0dabb4b
    Key Type: RSA
    Domains: fqdn.mydomain.com www.fqdn.mydomain.com
    Expiry Date: 2022-02-28 20:53:56+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/fqdn.mydomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/fqdn.mydomain.com/privkey.pem

OK, so we can safely say there is no active job to renew your certs.

If you prefer cron, add to root user something like:
0 0,12 * * * /usr/bin/certbot renew

[you can confirm the cerbot path with: which certbot]

1 Like

Any ideas why the cron might have not been setup?

1 Like

"CentOS7" LOL

Actually, I don't know; It should have.

1 Like

Maybe it is recursive and needed the cron job to run. :rofl:

1 Like

Maybe because I installed an older version through yum - not snap.

It is CentOS 7, because that server will be running https://magnusbilling.com/ and the OS requirement for it seems pretty strict.

Were you able to create the cron job?

1 Like

Yes, manually.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.