How to determine whether certbot is still active

Help
21

Sorry I mixed up, I meant certbot vs. acme.sh
I had installed acme.sh some time ago but it looks like it interferes with certbot.
Anyway, I have /var/spool/cron/crontabs/acme with

50 21 * * * /usr/local/share/acme.sh/acme.sh --cron --home "/var/lib/acme/.acme.sh" > /dev/null

in it.

So at the moment the key question is how I can get rid of certbot?

22

As, from the logs, it seems your Certbot was installed using snap:

sudo snap remove certbot
23

Did that. Thanks. There are a bunch of relicts like this:

root@mail:/etc# find . | grep certbot
./logrotate.d/certbot
./letsencrypt/keys/0094_key-certbot.pem
./letsencrypt/keys/0114_key-certbot.pem
./letsencrypt/keys/0031_key-certbot.pem
./letsencrypt/keys/0129_key-certbot.pem
./letsencrypt/keys/0131_key-certbot.pem
./letsencrypt/keys/0090_key-certbot.pem
./letsencrypt ...
...
./letsencrypt/csr/0003_csr-certbot.pem
./letsencrypt/csr/0023_csr-certbot.pem
./letsencrypt/csr/0153_csr-certbot.pem
./letsencrypt/csr/0057_csr-certbot.pem
./systemd/system/timers.target.wants/certbot.timer
./systemd/system/certbot.timer
./cron.d/certbot
root@mail:/etc#

Can I delete them?

24

Only if you're absolutely sure you don't need them any longer. E.g., any service still using those files (webserver/mailserver/whatever) will fail to start or reload if you delete a file that it requires.

25

For sure.

Also, some bad recipes for using acme.sh has it outputting its cert files into the same folders as Certbot.

Good chance that's what happened here because otherwise acme.sh and Certbot should cohabit.

26

Thanks so far. I managed to get the acme.sh generated cert working again.

Two things:

  1. I havenā€˜t found a way to make acme.sh execute the post renewal script that glues together fullchain.cer and the .key file as haproxy expects it.

  2. a ZeroSSL CA cert is used. Iā€˜d prefer an LE one.

Iā€˜ve learnt that this is done by the ā€”server option in the acme.sh ā€”issue command. Gotta find out the place where this is configured.

27

See post #8 in this thread:

I believe you use the --post-hook option in acme.sh
See its docs for details

28

If for whatever reason that should fail, you could blindly schedule a nightly combine+copy script to ensure haproxy is never more than one day behind.