My domain is: www.conservatoirevegetal.com
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
Debian Jessie 8.11
My hosting provider, if applicable, is:
Debian Jessie 8.11
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
certbot --version : cerbot 0.10.2
cerbot-auto --version : cerbot 0.36.0
Hello, because my cerbot was not working any more , I have installed cerbot-auto (with help of @gpatel-fr and @Schoen) succesfully.
1/ no way to remove cerbot (even with dpkg -r)
2/ when I run manually cerbot-auto renew all is fine . But I don’t understand how to remove.change the script in cron.d
I am very new in all this things. Thanks for your help.
What happens if you run
sudo apt remove certbot?
root@sd-118150:~# apt-get remove cerbot
Lecture des listes de paquets… Fait
Construction de l’arbre des dépendances
Lecture des informations d’état… Fait
E: Impossible de trouver le paquet cerbot
root@sd-118150:~# apt-cache show certbot
Status: install ok installed
Maintainer: Debian Let’s Encrypt email@example.com
Depends: python-certbot (= 0.10.2-1~bpo8+1), init-system-helpers (>= 1.18~), pyt hon, python:any (>= 2.7~)
Suggests: python-certbot-apache, python-certbot-doc
Breaks: letsencrypt (<= 0.6.0)
Description: automatically configure HTTPS using Let’s Encrypt
The objective of Certbot, Let’s Encrypt, and the ACME (Automated
Certificate Management Environment) protocol is to make it possible
to set up an HTTPS server and have it automatically obtain a
browser-trusted certificate, without any human intervention. This is
accomplished by running a certificate management agent on the web
This agent is used to:
- Automatically prove to the Let’s Encrypt CA that you control the website
- Obtain a browser-trusted certificate and set it up on your web server
- Keep track of when your certificate is going to expire, and renew it
- Help you revoke the certificate if that ever becomes necessary.
This package contains the main application, including the standalone
and the manual authenticators.
But even if I can not remove cerbot, how can I be sure the cron for cerbot-auto is working ?
cerbot in this command.
!!! Much better !
So 4 eyes better than 2 …
So, now I have checked manually “certbot-auto renew” and that’s fine.
How can I check the cron …
Are you just wondering whether it’s running regularly? You could look for the log files in
/var/log/letsencrypt, which should indicate whenever
certbot renew has been run.
Yes, I want to check.
So I look the log you give to me, and it seems not working for cerbot-auto :
2019-08-08 00:03:38,109:DEBUG:certbot.renewal:no renewal failures
I am not sure to understand correctly, thanks.
There is a file named “certbot/” in /etc/cron.d but I am not sure it is correct
0 */12 * * * root test -x /usr/local/bin/certbot-auto -a ! -d /run/systemd/system && perl -e ‘sleep int(rand(3600))’ && certbot-auto renew
In this case,
no renewal failures means that there were no failed attempts to renew certificates. This can happen when no certificate is due for renewal yet. But its presence in the log is a good sign that the renewal process is running. It’s just that Certbot thinks it’s too early to renew your certificate.
You could change that behavior if you want to actually watch the live renewal process happen. If you go into
/etc/letsencrypt/renewal and find the
.conf file related to the certificate you want to have renewed early, you can then edit it and find the commented-out line
# renew_before_expiry = 30 days
You could temporarily change it to
renew_before_expiry = 89 days
(also removing the
# so that the configuration line is uncommented).
This would cause Certbot to try to renew this particular certificate when it is 1 day old (90-89=1) rather than when it is 60 days old (90-30=60). In that case, your automated renewal should happen the next time the cron job runs.
If you do this, remember to change it back afterward, or else your certificate will be renewed every day and you’ll run into Let’s Encrypt rate limits after doing this 5 times in a row.
Great, I learn a lot.
So I change one of the domain.conf, and look the log day after.
I do not understand the use of /etc/cron.d/certbot.
Because it was already existing, and I did modify it (but not sure it was good to do that)
I have manually changed certbot by certbot-auto in this file. It was right to do that ?
Hello, I am not sure when I read the log. I don’t understand the content.
And when I check on https://check-your-website.server-daten.de/ I see almost the same expiration for one domain I have modified pp.conservatoirevegetal.com.conf (1), and one I didn’t (2)
expires in 90 days|
| — | — |
expires in 88 days|
| — | — |
looks like your renew via cron job has worked
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.