How to make certbot automatic updates

TheErminK · April 23, 2020, 1:52pm

My domain is: elami.mk

My web server is (include version):
Distributor ID: Debian
Description: Debian GNU/Linux 9.12 (stretch)
Release: 9.12
Codename: stretch

The operating system my web server runs on is (include version): Apache 2

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

I have a question about

systemctl list-timers certbot.timer
NEXT LEFT LAST PASSED UNIT ACTIVATES
Thu 2020-04-23 21:29:24 UTC 11h left Thu 2020-04-23 01:51:55 UTC 7h ago certbot.timer certbot.service

certbot.service , I want to make it so that certbot timer activates every first friday of the month and runs certbot.service (Which I guess renews the certificates?)
How would I go about doing this ? I do not wish to experiment too much for fear of breaking

I know this can be done with crone but seeing as already there is a timer maybe this is more efficient.

Thank you

9peppe · April 23, 2020, 2:04pm

What’s the issue with running it twice a day like the default?

I can link you to systemd’s manuals, though: https://www.freedesktop.org/software/systemd/man/systemd.timer.html

You can override the OnCalendar directive using systemctl edit certbot.timer, but why?

TheErminK · April 23, 2020, 2:21pm

But when I go to edit certbot.timer it is empty.
Also I would like to do the certbot renew process only once per month, because I have many domains and sometimes there are problems occuring on the server and I need to be aware when it is running so I can fix if something arises.

9peppe · April 23, 2020, 2:22pm

Yes, that's expected, that's the override file. If you want the current unit, use systemctl cat instead of systemctl edit

TheErminK · April 23, 2020, 2:54pm

Oh Thanks ! Yes I see it

[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target

So if I wanted to do it every saturday I would copy paste this whole thing and change

OnCalendar=*-*-* 00,12:00:00 this right ?

9peppe · April 23, 2020, 3:10pm

I think you should add

[Timer]
OnCalendar=something

in the empty file that shows when you do systemctl edit

TheErminK · April 23, 2020, 5:19pm

I did that now when I cat I get

# /lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target

# /etc/systemd/system/certbot.timer.d/override.conf
[Timer]
OnCalendar=Fri *-*-1..7 06:00:00

Will this go away ? The old Timer ?

9peppe · April 23, 2020, 8:05pm

I don’t know. What does systemctl list-timers say?

_az · April 23, 2020, 10:16pm

I believe that those OnCalendar properties would be cumulative, because (systemd.timer):

May be specified more than once, in which case the timer unit will trigger whenever any of the specified expressions elapse

According to this forum post, you can change your override file to unset the existing OnCalendar property and then add your own:

[Timer]
OnCalendar=
OnCalendar=Fri *-*-1..7 06:00:00

system · May 23, 2020, 10:16pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.