Daily key and CSR files being created

The version of my client is: 0.22.2-1+ubuntu16.04.1+certbot+1

In my /etc/letsencrypt/keys and csr folders, files are being created daily.

-rw------- 1 root root 1.7K Mar 8 00:00 1391_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 00:00 1392_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 00:01 1393_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 00:01 1394_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 12:05 1395_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 12:05 1396_key-certbot.pem
-rw------- 1 root root 1.7K Mar 9 00:52 1397_key-certbot.pem
-rw------- 1 root root 1.7K Mar 9 00:52 1398_key-certbot.pem
-rw------- 1 root root 1.7K Mar 9 12:13 1399_key-certbot.pem
-rw------- 1 root root 1.7K Mar 9 12:13 1400_key-certbot.pem
-rw------- 1 root root 1.7K Mar 10 00:14 1401_key-certbot.pem
-rw------- 1 root root 1.7K Mar 10 00:14 1402_key-certbot.pem
-rw------- 1 root root 1.7K Mar 10 12:30 1403_key-certbot.pem
-rw------- 1 root root 1.7K Mar 10 12:30 1404_key-certbot.pem
-rw------- 1 root root 1.7K Mar 11 00:56 1405_key-certbot.pem
-rw------- 1 root root 1.7K Mar 11 00:56 1406_key-certbot.pem
-rw------- 1 root root 1.7K Mar 11 12:46 1407_key-certbot.pem
-rw------- 1 root root 1.7K Mar 11 12:46 1408_key-certbot.pem

-rw-r--r-- 1 root root 948 Mar 8 00:00 1391_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 8 00:00 1392_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 8 00:01 1393_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 8 00:01 1394_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 8 12:05 1395_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 8 12:05 1396_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 9 00:52 1397_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 9 00:52 1398_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 9 12:13 1399_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 9 12:13 1400_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 10 00:14 1401_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 10 00:14 1402_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 10 12:30 1403_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 10 12:30 1404_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 11 00:56 1405_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 11 00:56 1406_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 11 12:46 1407_csr-certbot.pem
-rw-r--r-- 1 root root 948 Mar 11 12:46 1408_csr-certbot.pem

My Cronjob

0 0 * * 0 /bin/letsencrypt-autorenew.sh

Is there any config issue in my server?

1 Like

Something is probably wrong, but we can’t be sure.

How many certificates do you have?

What does “sudo certbot certificates” show?

Can you post the contents of a recent /var/log/letsencrypt/letsencrypt.log? If it’s huge, only include the last day or two, or maybe upload it to a pastebin.

Can you post the contents of /bin/letsencrypt-autorenew.sh?

You’re using a very old version of Certbot. Do you know why? Can you run “sudo apt update” and then post the output of “apt list --upgradeable”?

Can you fill out the rest of the questionnaire below?


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I will play Captain Obvious:

[we can start from there and go forward with your answers]

1 Like

Sorry, I can’t post the domain name as it’s a client domain.

sudo certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/my.mydomain.com/cert.pem is unknown

Found the following certs:
Certificate Name: my.mydomain.com
Domains: my.mydomain.com
Expiry Date: 2018-07-22 06:05:38+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/my.mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/my.mydomain.com/privkey.pem

Certificate Name: 01.mydomain.com
Domains: 01.mydomain.com
Expiry Date: 2020-03-26 12:53:35+00:00
Certificate Path: /etc/letsencrypt/live/01.mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/01.mydomain.com/privkey.pem

/var/log/letsencrypt/letsencrypt.log

https://pastebin.com/i26F27zE

/bin/letsencrypt-autorenew.sh
#!/bin/bash
certbot renew --text --no-self-upgrade > /var/log/letsencrypt_cron.log 2>&1
/etc/init.d/apache2 restart

apt list --upgradeable
certbot/xenial 0.31.0-1+ubuntu16.04.1+certbot+1 all [upgradable from: 0.22.2-1+ubuntu16.04.1+certbot+1]

From the log I understand that, as I am running nginx on port 80, Apache is not starting, and that’s why certbot was not able to renew the certificate. But my cron job is scheduled for Sunday, so why does certbot try to renew the certificate daily, and why are files being created in the keys and csr folders?

1 Like

There are less than half a billion domains, it’s got to be one of them…

The Certbot package installs a systemd timer that runs certbot -q renew twice a day.

Old versions ran at random times between 00:00-01:00 and 12:00-13:00; I think newer versions run at completely random times.

2 Likes
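
Added example, not part of any post in this thread: a shell check that buckets `ls -l` timestamps into the two windows named in the last reply, to see whether the files line up with a twice-daily run instead of the weekly cron job. The function names and the "night"/"noon"/"other" labels are made up for this example; the sample input is a subset of the listing from the first post.

```shell
#!/bin/sh
# Added example: bucket `ls -l` timestamps into the two windows named in the
# last reply (00:00-01:00 and 12:00-13:00). Function names are hypothetical.

# Sample input: a subset of the keys listing from the first post.
sample_listing() {
cat <<'EOF'
-rw------- 1 root root 1.7K Mar 8 00:00 1391_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 00:00 1392_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 00:01 1393_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 00:01 1394_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 12:05 1395_key-certbot.pem
-rw------- 1 root root 1.7K Mar 8 12:05 1396_key-certbot.pem
-rw------- 1 root root 1.7K Mar 9 00:52 1397_key-certbot.pem
-rw------- 1 root root 1.7K Mar 9 00:52 1398_key-certbot.pem
-rw------- 1 root root 1.7K Mar 9 12:13 1399_key-certbot.pem
-rw------- 1 root root 1.7K Mar 9 12:13 1400_key-certbot.pem
EOF
}

# Print one line per day and window: "<month> <day> <window> <file count>".
# Window is "night" for 00:xx, "noon" for 12:xx, "other" for anything else.
# Lines with fewer than 9 fields (such as the "total" line) are skipped.
runs_per_window() {
    awk '
    NF >= 9 {
        split($8, t, ":")
        w = (t[1] == "00") ? "night" : (t[1] == "12") ? "noon" : "other"
        key = $6 " " $7 " " w
        if (!(key in n)) order[++k] = key
        n[key]++
    }
    END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# Count files whose timestamp falls outside both windows.
outside_windows() {
    runs_per_window | awk '$3 == "other" { c += $4 } END { print c + 0 }'
}

# On a live host, pipe the real listing instead:
#   ls -l /etc/letsencrypt/keys | runs_per_window
# and inspect the schedule itself with: systemctl list-timers
sample_listing | runs_per_window
```

A count of zero from `outside_windows` means every file was written inside one of the two windows, which is the pattern a twice-daily timer leaves and a Sunday-only cron entry does not.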