Certbot renewing automatically


#1

The certbot on my server has run the renewal routine alone during times it should not, this is the command that is running via htop.

/usr/bin/python3 /usr/bin/certbot -q renew

I have a cron set up for it to only run this once a month. How do I disable this automatic renewal?

This is my cron:
0 3 30 * * ./certbot-auto/certbot-auto renew
Run on the 30th of each month at 3am


#2

Hi @flaviotomazio,

It looks like this is a version that you installed from an OS package (for example via apt or something) and it may be running via a systemd timer in /etc/systemd rather than a cron job.

The version installed by the OS package is separate from the version you installed via certbot-auto although they can both normally understand and update the same files in /etc/letsencrypt.

Two other remarks:

Using the directory . in a crontab rule may be confusing because . means “the current directory”, which is not necessarily obvious when running a cron job. It might be clearer to specify a directory explicitly.

We do recommend running some form of certbot renew at least once per day. certbot renew does not renew all of your certificates, but only those that are less than 30 days from expiry at the moment that you ran certbot renew. Running this frequently you more advance warning if the renewal fails for some reason, as well as more protection from a missed renewal in case there was a momentary Let’s Encrypt outage or in case your machine was down or offline or rebooting at the moment that your monthly cron job would have run. There should be no harm from running certbot renew frequently, and it shouldn’t result in unexpected early renewals being performed.


#3

Thanks.
I will uninstall the certbot installed by apt-get and fix the cron.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.