Crontab on Ubuntu


#1

I’ve read and done these instructions to get Let’s Encrypt up and running. All good and dandy. Next step is automatic renewal, and that’s where the instructions leave me in the dark. I’m supposed to use cron or systemd. And that’s basically where the instructions end.

Ubuntu has cron, so the instructions need to be changed:

  1. Forget systemd, cron is probably fine. Choices can confuse.
  2. Include the exact command for cron, just as you did for wiring up apache.

Currently what I found is sudo crontab -e which allows you to insert a new task. That line was missing from the instructions. Secondly what I fiddled together was the cronjob itself:
0 12 1 3 * letsencrypt renew
I know this isn’t fully correct, as it may result in anything from 89 to 92 days interval. That’s just how months work. And this is where the instructions leave me guessing in the dark. I have no idea what I’m supposed to enter has a schedule? There must’ve been something intended when LE figured 90 days is a good number.

So TLDR:
When the instructions say “Certbot can be configured to renew your certificates automatically before they expire”, what does it intend for me to do exactly?


#2

Hi @thany,

The letsencrypt renew command checks for itself whether any cert is less than 30 days away from expiring, and, if so, tries to renew that certificate. It does not try to renew every certificate regardless of age. So, it’s designed to be run at least once per day (with a time specification more like 35 2 * * * letsencrypt renew, where I just chose 35 at random). This is mentioned at the very bottom of the page that you linked to:

if you’re setting up a cron or systemd job, we recommend running it twice per day (it won’t do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let’s Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.