Certbot Random Renew Triggers Adding Extra Entries to Log File


#1

Hello

I got myself to administration of a VPS server with certificates from Let’sEncrypt with renewing using certbot. I looked into /var/log/letsencrypt and there are 3 logs per day: one between 0:00 and 1:00 (probably random), second exactly at 3:48 and third between 12:00 and 13:00, all with the same output (same except of time/date).

Then I looked into crontab of root, but there is only
48 3 * * * cerbot renew --quiet

I also listed crontabs of all other users, but those are all empty.

Is there any known reason why it runs by itself additionaly twice a day or did the previous administrator use some other tool than cron in addition to cron? I would like to run it just once per day but I did not find a way to do so and stop those two additional runs.

EDIT: OS is Debian 8.7

Thank you
Jan


#2

What OS is being used? How was Certbot installed?

It’s officially recommended to run Certbot twice a day (at random times) – though only doing it once is fine too – so it’s not very surprising.

If Certbot was installed via the OS package manager, it may come with a renew job.

Check for a file in /etc/cron.d, perhaps /etc/cron.d/certbot.

If the distro uses systemd, check for a systemd timer. “systemctl list-timers” should list them all.


#3

That’s it, it’s being run using systemd, thank you.

I removed it from cron and modified systemd to keep exact time random.

And it is on Debian 8, but I was not the one who installed Certbot.


#4

By the way, the goal of the randomness isn’t necessarily to have each individual server choose an unpredictable time to renew, but just to prevent every server in the world from using the same time (increasing load on the CA unnecessarily).


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.