I have installed Lets Encrypt following this tutorial
And it seems to be working all correctly it passed correctly test on https://www.ssllabs.com/ssltest/index.html but, my concern is on step 6 when setting up server crontab to auto-renew SSL certificate if it so, it automatically renews certificate and to be sure that I installed lets encrypt correctly.
I had just tried this command => sudo certbot renew --dry-run
and got the following output
user@user:~$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 1.0.0 renewal configuration file found at /etc/letsencrypt/renewal/mydomain.com.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.com
http-01 challenge for www.mydomain.com
Waiting for verification…
Cleaning up challenges
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/mydomain.com/fullchain.pem
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mydomain.com/fullchain.pem (success)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
IMPORTANT NOTES:
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
If your user account requires a password in order to sudo, putting sudo in a crontab command will probably not work because the automated scheduler won’t be able to supply the correct password. The renewal task should instead be placed in a crontab file where commands are already run with the necessary privileges, such as the root user’s crontab—or you can use the automated scheduling that likely already came with your Certbot package because since you’re using certbot rather than certbot-auto it looks like you’ve probably installed Certbot with a package manager, which normally sets up automated renewal for you automatically.
Attempting to parse the version 1.0.0 renewal configuration file found at /etc/letsencrypt/renewal/mydomain.com.conf with version 0.31.0 of Certbot. This might not work.
shows that you have two different versions of Certbot—one of them as part of your operating system installed via a package manager (perhaps with apt), and the other one that you downloaded with certbot-auto following the tutorial's instructions.
Only one of the two should be necessary, and the operating system version one, at least, probably already has an autorenewal mechanism set up.
Despite the warning about incompatible versions, I don't think there's anything in particular that will be a problem in practice between 0.31.0 and 1.0.0 Certbot renewal configuration files.
I would suggest using your OS-packaged version if you don’t have a specific reason not to. It probably already has automated renewals set up using a systemd timer.