How to correctly add auto-renewal (Debian 9 (Stretch))

OK, let’s try just that one cert:

sudo /usr/local/sbin/certbot-auto renew --apache --cert-name --deploy-hook '/etc/init.d/apache2 restart'

I think I found MY MISTAKE - was missing “renew” in command.

sudo /usr/local/sbin/certbot-auto --apache --cert-name --deploy-hook ‘/etc/init.d/apache2 restart’
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):

What do I click ?

press C

I think I found MY MISTAKE - was missing “renew” in command.

Let’s try it with “renew”:

sudo /usr/local/sbin/certbot-auto renew --apache --deploy-hook '/etc/init.d/apache2 restart'

sudo /usr/local/sbin/certbot-auto renew --apache --deploy-hook ‘/etc/init.d/apache2 restart’
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/

Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/

Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/

Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/ expires on 2019-12-10 (skipped)
/etc/letsencrypt/live/ expires on 2019-12-10 (skipped)
/etc/letsencrypt/live/ expires on 2019-12-12 (skipped)
/etc/letsencrypt/live/ expires on 2019-12-12 (skipped)
No renewals were attempted.
No hooks were run.

Perfect !

Now we just need to add that command to CRON so that is runs automatically.

You are the best!
EDIT: I read about CRON (the link you provided) I get what it does.

1 Like

One last check:
Let’s make sure the “restart” will work when called:
sudo /etc/init.d/apache2 restart

sudo /etc/init.d/apache2 restart
[ ok ] Restarting apache2 (via systemctl): apache2.service.

Cheers from Miami :slight_smile:

Thank you very much, please provide a patreon link or something similar you use :slight_smile:

Also wanted to ask, is there like a default cron command I can copy paste into cron so it does the trick ?
The tutorials online say start moving certbot here and there… simply doesn’t sound good.

You can buy me a beer or simply donate to LE:

I gave you a starting point entry earlier:

Don’t forget to mark this topic “solved”.

should I maybe change this and enter it in cron like this?

41 */12 * * * /usr/local/sbin/certbot-auto renew --apache --deploy-hook '/etc/init.d/apache2 restart'

When run with “-q” it will only “renew”…So they are basically the same.

If you want to go ALL OUT (or ALL IN) use:
renew -n -q

41 */12 * * * /usr/local/sbin/certbot-auto renew -n -q --apache --deploy-hook '/etc/init.d/apache2 restart'
1 Like

Just out of curiosity, does this crone command ecexute every day at every 12 hours on the 41st minute ?

00:41 & 12:41

1 Like

Thank you a lot again!

1 Like

You can thank me in 2 days when it renews your first cert (automatically) - LOL

Or, better yet, thank LE (for all they do)

1 Like

Yes definitely will donate again and thanks to every one of you working for all of us here, it is really appreciated around the globe. Hope you realize that.

I added the cron job using crontab -e
got this
crontab -e
no crontab for root - using an empty one
GNU nano 2.7.4 File: /tmp/crontab.IynLJ2/crontab Modified

daemon’s notion of time and timezones.

Output of the crontab jobs (including errors) is sent through
email to the user the crontab file belongs to (unless redirected).

For example, you can run a backup of all your user accounts
at 5 a.m every week with:
0 5 * * 1 tar -zcf /var/backups/home.tgz /home/

For more information see the manual pages of crontab(5) and cron(8)

m h dom mon dow command

41 */12 * * * /usr/local/sbin/certbot-auto renew --apache --deploy-hook ‘/etc/init.d/apache2 restart’

Added this

1 Like

I hate to bother you again, but I waited for 00:41 just to see if the job will run and if everything will be alright, and the job did not run :confused: Can we check it somehow ?
I used the command crontab -e
it was first time using it so I selected nano editor
I added the following code

41 */12 * * * /usr/local/sbin/certbot-auto renew --apache --deploy-hook '/etc/init.d/apache2 restart'

It created the new cron

crontab: installing new crontab

Also when I run systemctl list-timers -all

NEXT                         LEFT          LAST                         PASSED       UNIT
Fri 2019-11-08 01:09:00 UTC  13min left    Fri 2019-11-08 00:39:01 UTC  16min ago    phpsessionclean.timer
Fri 2019-11-08 06:08:13 UTC  5h 12min left Thu 2019-11-07 21:01:59 UTC  3h 53min ago apt-daily.timer
Fri 2019-11-08 06:11:31 UTC  5h 15min left Thu 2019-11-07 06:04:35 UTC  18h ago      apt-daily-upgrade.timer
Fri 2019-11-08 14:47:11 UTC  13h left      Thu 2019-11-07 14:47:11 UTC  10h ago      systemd-tmpfiles-clean.ti

this is all of them from before, I suspect my cron should have been added ?

Thank you again sorry for bothering.