My domain is: example.com
I ran this command: sudo certbot certonly --dns-route53 --dns-route53-propagation-seconds 30 -d alpha.example.com -d example.com -d developers.example.com -d www.example.com -d docs.example.com -d go.example.com -v
and after this i run sudo service httpd restart
It produced this output: it is renewing the certificate perfectly without problem. I want to automate this like every 65 days to renew it or everyday, I don't know if it is good to renew it every day. Can you help me ?
My web server is (include version): apache 2.4
The operating system my web server runs on is (include version): amazon linux 2
My hosting provider, if applicable, is: amazon
The version of my client is certbot 1.11.0
With Certbot, you normally renew your cert with the command
sudo certbot renew
with a cron job or systemd timer. And, this may have already been setup during install of Certbot. If not, see link here for instructions on setting this up
You should also add
--deploy-hook "service httpd reload" to your
certbot certonly command. This will allow the certbot renew to reload your Apache server automatically whenever it gets a fresh cert. A reload is less disruptive than a restart.
The Cerbot renew is run at least once / day. It first looks at your existing cert. If it is fresh enough then nothing more is done. When it has less than 30 days left before expiry it will request a fresh cert.
When I list the cron jobs I don't see a certbot auto renew job ? Does it means that there is no cron job for certbot renew?
Did you check the systemd timers as described in the link I provided?
Yes, also no timer. I was thinking to add a job
0 0 */70 * * sudo certbot certonly --dns-route53 --dns-route53-propagation-seconds 30 -d alpha.example.com -d example.com -d developers.example.com -d www.example.com -d docs.example.com -d go.example.com && sudo service httpd reload
That is a poor method. Sometimes cert requests fail due to temporary comms issues or Let's Encrypt outages or system stress.
So, doing it once every 70 days only gives you one chance to get a cert.
Further, the time 0 0 is not recommended as the time due to many other using that same time and causing unusual Let's Encrypt demand and possible failures.
You should re-run your long
certbot certonly ... command once more using the deploy-hook I described. Then setup a cron job for the
certbot renew command.
Please follow the instructions in the Certbot docs to use a random start time and run it at least once per day.
See this FAQ on random times for why this is important:
Okay, nice and thanks. Very good describe Thanks you a lot
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.