Is auto-renew on?

real-time-jeff · April 10, 2022, 7:59pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: redhawk.concurrent-rt.com

I ran this command: certbot certificates

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: redhawk.concurrent-rt.com
Domains: redhawk.concurrent-rt.com
Expiry Date: 2022-07-09 18:24:46+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/redhawk.concurrent-rt.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/redhawk.concurrent-rt.com/privkey.pem

My web server is (include version): 2.4.41-4ubuntu3.10

The operating system my web server runs on is (include version): Ubuntu 20.04 w/ updates

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no - that might be useful -- where do I get that (apt-search certbot didn't show anything like that)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0 (certbot-auto is not installed)
It was installed via apt-get install certbot

I have spent over an hour searching the web to figure out how I can determine if auto-renew is on.

While I have run across several articles, none of them answer my basic question. There are some
suggestions about adding a cron-job to do the renewal, but they aren't from letsencrypt. I have been
reading the certbot man page and have found an option called --no-autorenew and it says the
default setting is True. But nothing other than that tells me if it is True or False. The presence of
this option makes me think that there may be some auto-renewal activity as part of certbot itself.

It's unclear how I would use this option -- for example if I wanted to set it to False, what is the
syntax? How do I know which certificates it would apply to?

Sorry for the simple question here -- I just can't find the answer.

rg305 · April 10, 2022, 8:01pm

Try:

crontab -l
systemctl list-timers | grep certbot

rg305 · April 10, 2022, 8:03pm

And also make sure the web service is restarted/reloaded after each renewal.

real-time-jeff · April 10, 2022, 8:11pm

Thanks. Good to remember.

real-time-jeff · April 10, 2022, 8:13pm

Ah, yes, the systemctl list-timers command did show an entry to certbot.timer/cerbot.service

Sun 2022-04-10 21:09:30 EDT 4h 57min left Sun 2022-04-10 06:52:10 EDT 9h ago certbot.timer certbot.service

Is that entry sufficient to tell me auto-renewal is on -- or just that some timer exists.?

MikeMcQ · April 10, 2022, 8:18pm

That timer runs the renew command. You can test that with

sudo certbot renew --dry-run

Could also look in your system log to ensure that timer runs.

9peppe · April 10, 2022, 8:18pm

Now check in /etc/letsencrypt/renewal and see if the files there contain info on how to install the certificate or reload the server.

real-time-jeff · April 10, 2022, 8:20pm

Excellent. All looks good. My question has been answered.

Thanks.

system · May 10, 2022, 8:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.