My certificate is not yet due for renewal, however just for testing purposes I set up a cron job so that my SSL certificate shall be renewed every 1st of the month at 0:01 system time.
However, when I check the certificate in my web browser today it is still the old one (approximately 3 weeks old).
Is there an error in my crontab syntax?
That will tell you if the error is with 1. or 2. in your case.
The crontab you have should run once per month (personally I run it daily). You should only need “/letsencrypt-auto --renew” to check and renew all certs that are required. I’d also use one of the --hook options to reload apache if needed rather than every time the cron is run.
What version of letsencrypt are you running? You may want to update to the latest (now named certbot). You also don’t say if you are running this as a user or root (i.e. if you have the relevant permissions), since the command looks to be a user (/home/pi …) yet reloading apache would typically not be an option for a user.
Finally I had some time to do more reading on this and ultimately remembered that I posted a topic here.
I tried out another script and it worked perfectly. In my case I had to stop apache2 before running letsencrypt-auto, because if I had not stopped apache2, the relevant ports would have been blocked by apache2 and renewal of the certificate would have failed.
I now have this cronjob running (new cert every Monday), in case anybody finds this topic interesting for his/her own issue:
crontab -l
00 4 * * 1 sudo service apache2 stop && /home/pi/letsencrypt/letsencrypt-auto renew --force-renew && sudo service apache2 start
I am now marking this topic as solved. Anyways, thanks for your reply!
You could run this every day, and it would only stop apache, renew the cert, and restart apache when it was needed. Your approach forces a stop of apache and generates a new cert every week.
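
The behaviour described in the last reply (stop Apache only when a renewal is actually due, and never leave it stopped after a failed renewal) written as a cron wrapper. This is an added example, not code from the thread; the certificate path, the example.org name, the 30-day window, the script path and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Values marked "assumed" are placeholders.
CERT="${CERT:-/etc/letsencrypt/live/example.org/cert.pem}"  # assumed path and domain
RENEW_WITHIN_DAYS="${RENEW_WITHIN_DAYS:-30}"                # assumed renewal window
STOP_CMD="${STOP_CMD:-service apache2 stop}"
START_CMD="${START_CMD:-service apache2 start}"
RENEW_CMD="${RENEW_CMD:-/home/pi/letsencrypt/letsencrypt-auto renew}"

# Succeeds (returns 0) when the certificate expires inside the window.
# "openssl x509 -checkend N" exits 0 only if the cert is still valid in N seconds,
# so a missing or unreadable certificate also counts as due.
needs_renewal() {
    ! openssl x509 -checkend "$((RENEW_WITHIN_DAYS * 86400))" -noout \
        -in "$CERT" >/dev/null 2>&1
}

# Stop Apache only when a renewal is due, and start it again whether or not
# the renewal succeeded. Returns non-zero if any step failed.
renew_cycle() {
    if ! needs_renewal; then
        echo "certificate not due; Apache left running"
        return 0
    fi
    # If Apache cannot be stopped, its ports stay busy: give up early.
    $STOP_CMD || return 1
    status=0
    $RENEW_CMD || status=$?
    # Unlike "stop && renew && start", this line runs even after a failed renewal.
    $START_CMD || status=1
    [ "$status" -eq 0 ] || echo "renewal cycle failed (status $status)" >&2
    return "$status"
}

# Run daily from root's crontab, e.g. (script path is assumed):
#   17 4 * * * /usr/local/sbin/renew-cert.sh run
if [ "${1:-}" = "run" ]; then
    renew_cycle
    exit $?
fi
```

A non-zero exit from cron's point of view means either the renewal or the Apache restart failed, so it is worth having cron mail that output to someone.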