I ran sudo certbot --apache and it set up a cron job to renew my cert automatically, supposedly every 90 days:
0 7 8 2,5,8,11 * /usr/bin/certbot renew
However, this cron job doesn’t run every 90 days. It runs every 3 months. That means it’ll sometimes be off by a day or two, leaving an invalid SSL cert during that time. Right now, for example, the Let’s Encrypt Expiry Bot is telling me that my cert will expire on 07 Feb 18 18:37 +0000. Notice that my cron job won’t run until 08 Feb 2018, a day late.
I can hand-edit this cron job to run (say) every other month to avoid a gap in SSL coverage, but shouldn’t this problem not happen when certbot sets things up for auto-renewal?
This is certbot 0.19.0 on Ubuntu 16.04 Xenial with Apache 2.4. The domain is kidreviewz.com.
# /etc/cron.d/certbot: crontab entries for the certbot package
# Upstream recommends attempting renewal twice a day
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew