Change cerbot to cerbot-auto

My domain is: www.conservatoirevegetal.com

I ran this command:

It produced this output:

My web server is (include version):
Apache 2.4.10
The operating system my web server runs on is (include version):
Debian Jessie 8.11
My hosting provider, if applicable, is:
Debian Jessie 8.11
I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot --version : cerbot 0.10.2
cerbot-auto --version : cerbot 0.36.0

Hello, because my cerbot was not working any more , I have installed cerbot-auto (with help of @gpatel-fr and @Schoen) succesfully.

But :
1/ no way to remove cerbot (even with dpkg -r)
2/ when I run manually cerbot-auto renew all is fine . But I don’t understand how to remove.change the script in cron.d

I am very new in all this things. Thanks for your help.

What happens if you run sudo apt remove certbot?

Hello @schoen
root@sd-118150:~# apt-get remove cerbot
Lecture des listes de paquets… Fait
Construction de l’arbre des dépendances
Lecture des informations d’état… Fait
E: Impossible de trouver le paquet cerbot

And

root@sd-118150:~# apt-cache show certbot
Package: certbot
Status: install ok installed
Priority: extra
Section: web
Installed-Size: 79
Maintainer: Debian Let’s Encrypt letsencrypt-devel@lists.alioth.debian.org
Architecture: all
Source: python-certbot
Version: 0.10.2-1~bpo8+1
Replaces: letsencrypt
Provides: letsencrypt
Depends: python-certbot (= 0.10.2-1~bpo8+1), init-system-helpers (>= 1.18~), pyt hon, python:any (>= 2.7~)
Suggests: python-certbot-apache, python-certbot-doc
Breaks: letsencrypt (<= 0.6.0)
Conffiles:
/etc/cron.d/certbot 88d0bd291b44222e55a073ae3e4cdba3
Description: automatically configure HTTPS using Let’s Encrypt
The objective of Certbot, Let’s Encrypt, and the ACME (Automated
Certificate Management Environment) protocol is to make it possible
to set up an HTTPS server and have it automatically obtain a
browser-trusted certificate, without any human intervention. This is
accomplished by running a certificate management agent on the web
server.
.
This agent is used to:
.

  • Automatically prove to the Let’s Encrypt CA that you control the website
  • Obtain a browser-trusted certificate and set it up on your web server
  • Keep track of when your certificate is going to expire, and renew it
  • Help you revoke the certificate if that ever becomes necessary.
    .
    This package contains the main application, including the standalone
    and the manual authenticators.
    Description-md5: deb7e404ce1b150b59379c3f9a73ac1a
    Homepage: https://certbot.eff.org/

But even if I can not remove cerbot, how can I be sure the cron for cerbot-auto is working ?
Thanks

You misspelled certbot as cerbot in this command.

!!! Much better !
So 4 eyes better than 2 …

So, now I have checked manually “certbot-auto renew” and that’s fine.
How can I check the cron …
Thanks :wink:

Are you just wondering whether it’s running regularly? You could look for the log files in /var/log/letsencrypt, which should indicate whenever certbot renew has been run.

Yes, I want to check.
So I look the log you give to me, and it seems not working for cerbot-auto :

2019-08-08 00:03:38,109:DEBUG:certbot.renewal:no renewal failures

I am not sure to understand correctly, thanks.

There is a file named “certbot/” in /etc/cron.d but I am not sure it is correct

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/local/bin/certbot-auto -a ! -d /run/systemd/system && perl -e ‘sleep int(rand(3600))’ && certbot-auto renew

In this case, no renewal failures means that there were no failed attempts to renew certificates. This can happen when no certificate is due for renewal yet. But its presence in the log is a good sign that the renewal process is running. It’s just that Certbot thinks it’s too early to renew your certificate.

You could change that behavior if you want to actually watch the live renewal process happen. If you go into /etc/letsencrypt/renewal and find the .conf file related to the certificate you want to have renewed early, you can then edit it and find the commented-out line

# renew_before_expiry = 30 days

You could temporarily change it to

renew_before_expiry = 89 days

(also removing the # so that the configuration line is uncommented).

This would cause Certbot to try to renew this particular certificate when it is 1 day old (90-89=1) rather than when it is 60 days old (90-30=60). In that case, your automated renewal should happen the next time the cron job runs.

If you do this, remember to change it back afterward, or else your certificate will be renewed every day and you’ll run into Let’s Encrypt rate limits after doing this 5 times in a row.

1 Like

Great, I learn a lot.
So I change one of the domain.conf, and look the log day after.

I do not understand the use of /etc/cron.d/certbot.
Because it was already existing, and I did modify it (but not sure it was good to do that)
I have manually changed certbot by certbot-auto in this file. It was right to do that ?

Hello, I am not sure when I read the log. I don’t understand the content.
And when I check on https://check-your-website.server-daten.de/ I see almost the same expiration for one domain I have modified pp.conservatoirevegetal.com.conf (1), and one I didn’t (2)

|CN=pp.conservatoirevegetal.com|12.08.2019|10.11.2019
expires in 90 days|
| — | — |

|CN=www.conservatoirevegetal.com|10.08.2019|08.11.2019
expires in 88 days|
| — | — |

Hi @1formanet

looks like your renew via cron job has worked :+1: