Cron is set to auto renew everyday at 11am but it is not auto-renewing, bitnami wordpress v 5.4.1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: shardyinteriors.co.uk

I ran this command:

sudo crontab -e
sudo crontab -e -u bitnami

It produced this output:
0 11 * * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null
for root user and

0 11 * * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="mymail@example.com" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=shardyinteriors.co.uk renew && sudo /o$

for bitnami user

i ran

sudo /opt/bitnami/bncert-tool

initially too

also i did

sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start

and

sudo mkdir -p /opt/bitnami/letsencrypt/scripts
sudo nano /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

and

#!/bin/bash

  sudo /opt/bitnami/ctlscript.sh stop apache
  sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90
  sudo /opt/bitnami/ctlscript.sh start apache

and

sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

My web server is (include version): bitnami

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):command not found

The cert in use was renewed a few days ago:

image419×522 10.2 KB

Was that renewal done manually?

This is very curious:

How did it get there?
Why is it there?

thanks for quick reply
yes i had to do it manually

0 11 * * * sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="mymail@example.com" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=shardyinteriors.co.uk renew && sudo /o

this was the output of sudo crontab -e -u bitnami

i referred to crontab guru to make an expression that the cert would renew everyday at 11am , that was the intention, because several times i have let my cert expire, with the hope that it would autorenew every month , so to be safe , i'm trying to renew once a day

You should not need such an entry.
When did you add it?

About 4 hours ago,
what changes should i make?
please inform,
and what would happen on expiry date 5th Jan 2022?

Ok so it definitely wasn't how the cert was renewed.
In cron all you should need is "renew".
Everything else, about any specific cert, should be held in the renewal.conf file for that specific cert.

I would remove that additional cron and review the certbot logs for indication of why it did not complete the renewal automatically.

And now another cert was issued today (that's six in seven days)!:
See: crt.sh | shardyinteriors.co.uk
Please stop the forced renewals - your system is wasting LE resources.

I bet that is NOT set how you think it is.

i'm assuming if cert duration goes below 90 days , the cron will run..

When the cron runs, is determined by cron, not by certbot.

cron runs when the time for it run matches the system clock.
The "--days 90" that is passed to the ACME client is telling it to renew the cert when it has less than 90 days left.
At it's issuance the cert had 90 days left, every point in time after that split second will be less than 90 days left.
So it will force a renewal attempt every time it is run.

Please remove that cron job or at the least set it to "--days 30".

It has done so quite a bit already: https://crt.sh/?Identity=shardyinteriors.co.uk&deduplicate=y

Already pointed that out (post #8):

Which is also the default, so you can also choose to remove it entirely.

Also mentioned already:

I meant the --days option, not the entire cronjob

I definitely meant remove the unnecessary duplicate (and wasteful) cron job.
But if you want two well behaved cron jobs, then that could also work

Nah, I just wanted to notice in general that keeping an option with a default value around isn't very useful. Separate from the whole one or two cronjobs stuff.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.