Certificate renewed automatically

Help
1

The certificate is automatically renewed every 12 o’clock even I have not used the crontab or renew command. I do not understand why it automatically renews the certificates. How can I renew the certificates manually?

I ran this command:

ps -ef | grep certbot

root 24289 24286 0 12:00 ? 00:00:00 /bin/sh -c test -x /usr/bin/certbot && perl -e ‘sleep int(rand(3600))’ && certbot -q renew

root 26237 24289 56 12:25 ? 00:37:49 /usr/bin/python3 /usr/bin/certbot -q renew

root 31330 11515 0 13:32 pts/1 00:00:00 grep --color=auto cert

crontab -e

05 * * * * killall --older-than 5m phantomjs

00 * * * * sync && echo 3 > /proc/sys/vm/drop_caches

00 03 * * * dellog

My web server and operating system is Apache/2.4.7 (Ubuntu)

My hosting provider is Google cloud platform .

I can’t login to root shell and my client version is certbot 0.26.1

2

Perhaps a systemd timer?

2 Likes
3

Hi @mcsv0211,

I think @Osiris is on the right track asking about whether it could be a systemd timer. I believe Certbot on modern Ubuntu prefers this approach vs crontab.

What does running this command on your server show you:

systemctl list-timers
2 Likes
4

Also, the automated running of certbot renew twice a day is recommended. Normally, it checks if a certificate needs to be renewed. If everything isn’t within a configured or default number of days before expiry, it shouldn’t do anything.

If your certbot really renews twice a day, there is also something wrong with either the certbot command or the certbot configuration.

2 Likes
5

Thanks for your answer @Osiris

The below message is what I get.

multi-user.target.wants/
sockets.target.wants/
sshd.service -> /lib/systemd/system/ssh.service
sshd.service.wants/
syslog.service -> /lib/systemd/system/rsyslog.service
timers.target.wants/

So this could be the problem?

6

Thanks for your answer. @cpu.

I got below message when I run the command with “systemctl list-timers” on the Ubuntu 14.04.5 LTS.

  • systemctl: command not found

Is that “systemctl list-timers” command is right for my Ubuntu version?

7

I think Ubuntu 14.04 is too old to be using systemd so there is no systemctl for this Ubuntu version.

@bmw @schoen Do one of you know how Certbot sets up automated renewal on 14.04?

I believe 14.04 is no longer suppoted by Canonical and isn't getting any security updates. You may want to consider moving to a supported Ubuntu version above and beyond your current Certbot problem.

1 Like
8

The end-of-life date for 14.04 is "April 2019", which I imagine means that it stopped being supported by Canonical three days ago (although there's no update to Releases - Ubuntu Wiki indicating this). Perhaps Canonical's interpretation is that it's still supported for 26 more days.

2 Likes
9

IIRC, the EOL date is April 17. :smiley:

Does /etc/cron.d/certbot exist? That /bin/sh process looks about like what it would do.

4 Likes
10

@cpu @schoen
Thanks for all your help!
I will think about to update the Ubuntu to the latest version.

11

@mnordhoff
Thanks for your help!
I found the problem at the /etc/cron.d/certbot.

Thank you.

1 Like
12

What was the problem?

2 Likes
13

I found the following code at the /etc/cron.d/certbot.

/etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot && perl -e ‘sleep int(rand(3600))’ && certbot -q renew

1 Like
14

That’s normal, though. It runs Certbot twice a day. When your certificates will expire in less than 30 days (by default), Certbot will renew them. Otherwise it exits without doing anything.

Edit:

Oh. Rereading your first post, you want to manage renewal manually.

I’m curious why, but that’s up to you.

If you need something additional to happen when your certificates are renewed, it might be possible to automate it with a hook.

2 Likes
16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.