Certbot renew dns53 domains

My domain is: example.com

I ran this command: sudo certbot certonly --dns-route53 --dns-route53-propagation-seconds 30 -d alpha.example.com -d example.com -d developers.example.com -d www.example.com -d docs.example.com -d go.example.com -v
and after this I run sudo service httpd restart
It produced this output: it is renewing the certificate perfectly without problem. I want to automate this like every 65 days to renew it, or every day; I don't know if it is good to renew it every day. Can you help me?

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): amazon linux 2

My hosting provider, if applicable, is: amazon

The version of my client is certbot 1.11.0

With Certbot, you normally renew your cert with the command

sudo certbot renew

with a cron job or systemd timer. And this may have already been set up during the install of Certbot. If not, see the link here for instructions on setting this up.

You should also add --deploy-hook "service httpd reload" to your certbot certonly command. This will allow the certbot renew to reload your Apache server automatically whenever it gets a fresh cert. A reload is less disruptive than a restart.

The Certbot renew is run at least once a day. It first looks at your existing cert. If it is fresh enough, then nothing more is done. When it has less than 30 days left before expiry, it will request a fresh cert.


When I list the cron jobs I don't see a certbot auto-renew job? Does it mean that there is no cron job for certbot renew?

Did you check the systemd timers as described in the link I provided?


Yes, also no timer. I was thinking of adding a job:
0 0 */70 * * sudo certbot certonly --dns-route53 --dns-route53-propagation-seconds 30 -d alpha.example.com -d example.com -d developers.example.com -d www.example.com -d docs.example.com -d go.example.com && sudo service httpd reload

That is a poor method. Sometimes cert requests fail due to temporary comms issues or Let's Encrypt outages or system stress.

So, doing it once every 70 days only gives you one chance to get a cert.

Further, the time 0 0 is not recommended, due to many others using that same time and causing unusual Let's Encrypt demand and possible failures.

You should re-run your long certbot certonly ... command once more using the deploy-hook I described. Then set up a cron job for the certbot renew command.

Please follow the instructions in the Certbot docs to use a random start time and run it at least once per day.

https://eff-certbot.readthedocs.io/en/latest/using.html#setting-up-automated-renewal

See this FAQ on random times for why this is important:

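The procedure recommended above (re-run certonly once with a deploy hook, then run certbot renew at least daily from cron at a randomized time), as an added example script that is not part of this thread. It assumes certbot with the dns-route53 plugin is already configured as in the question, that Apache is managed with service httpd, and an install path of /usr/local/sbin/renew-le.sh for the cron line it prints.

```shell
#!/bin/sh
# renew-le.sh: cron wrapper around "certbot renew" with a random start delay.
# Added example (not from the thread). Assumes certbot 1.x with the
# dns-route53 plugin already set up and Apache managed by "service httpd".
set -eu

CERTBOT=${CERTBOT:-certbot}
DEPLOY_HOOK=${DEPLOY_HOOK:-"service httpd reload"}  # reload, not restart
MAX_JITTER=${MAX_JITTER:-3600}                      # spread runs over 1 hour
SCRIPT_PATH=${SCRIPT_PATH:-/usr/local/sbin/renew-le.sh}  # assumed location

# Random integer in [0, max); awk keeps this portable to plain sh (no $RANDOM).
jitter_seconds() {
    awk -v max="$1" 'BEGIN { srand(); print int(rand() * max) }'
}

# One-time command that records the deploy hook in the cert's renewal config,
# so later "certbot renew" runs reload Apache only when a new cert is issued.
certonly_command() {
    printf '%s certonly --dns-route53 --dns-route53-propagation-seconds 30' "$CERTBOT"
    for d in "$@"; do printf ' -d %s' "$d"; done
    printf ' --deploy-hook "%s"\n' "$DEPLOY_HOOK"
}

# Daily command: certbot only requests a new cert when < 30 days remain, so
# running this every day is cheap and gives ~30 retries if an attempt fails.
renew_command() {
    printf '%s renew -q --deploy-hook "%s"\n' "$CERTBOT" "$DEPLOY_HOOK"
}

# Crontab line for /etc/crontab: twice a day at a non-round minute; the
# script adds its own random delay on top so not everyone hits the CA at once.
cron_entry() {
    printf '%s\n' "17 2,14 * * * root $SCRIPT_PATH run"
}

# Only acts when invoked with an argument, so sourcing the file is side-effect free.
case "${1:-}" in
    run)       sleep "$(jitter_seconds "$MAX_JITTER")"; eval "$(renew_command)" ;;
    cron-line) cron_entry ;;
    certonly)  shift; certonly_command "$@" ;;   # prints the one-time command
esac
```

Run `renew-le.sh certonly alpha.example.com example.com ...` once to see the deploy-hook command to re-run, then append the output of `renew-le.sh cron-line` to /etc/crontab.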

Okay, nice, and thanks. Very well described :slight_smile: Thank you a lot.

