Certificate Renewal with acme.sh cronjob

Following the Wiki here one could establish a cron job for the user "acme", which I did using:

acme@mail:~/.acme.sh$ acme.sh --install-cronjob
[Tue Nov 14 02:33:50 PM CET 2023] Using the current script from: /usr/local/share/acme.sh/acme.sh
[Tue Nov 14 02:33:50 PM CET 2023] Installing cron job
no crontab for acme
no crontab for acme

crontab -e:
50 21 * * * /usr/local/share/acme.sh/acme.sh --cron --home "/var/lib/acme/.acme.sh" > /dev/null

From where can I now see when acme.sh will renew?
Is there some way testing when it is due? (dry-run)

That cron job will run every day at 21:50 (9:50 PM) local time. If any cert is more than 60 days old at that time, it will try to renew it.


OK, minute 50, hour 21, was obvious, and not my question :slight_smile: . From where does acme.sh know to renew after 60days. That was my question. Is it hardwired into acme.sh somewhere?

It's coded in as a default, but can be changed with some command-line option if you want. But 60 days is a pretty sensible default for Let's Encrypt's 90-day certs.


Ah, thanks.

1 Like

And an actual recommendation from Let's Encrypt, to renew after 2/3rds of the certificate lifetime has elapsed.

1 Like

My acme.sh is set to 83 days

Why on earth would you do that?


Renew a week before expiration.

Yes, I know what it does. Why? Why would you want to wait that long? Sure, you can. But you're overriding both the client's default and the explicit recommendation of the CA. To what end?


All personal home server stuff so i keep it like that

Sounds more like a weak expiration to me.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.