There are various ways that people choose to install Certbot. The one you used, following a tutorial, is called certbot-auto. Another way is using your operating system’s official software repository. I was suggesting that the second method is usually preferable, and usually also automatically sets up a task to perform automated renewals using Certbot.
If you look at
you can see some of our official instructions for installing Certbot using your operating system’s official software management mechanism, if that’s possible on your system. In this case, an autorenewal task will also be created for you and you won’t have to do anything of that nature yourself.
I should also mention that typically, if you switch Certbot installation methods, you don’t have to delete or recreate your certificates, because versions of Certbot that were installed at different times and in different ways can still usually read, recognize, and renew the certificates that were created by other versions of Certbot. You might receive a version mismatch warning about renewing with an older Certbot version, but unless something visibly goes wrong with the renewal, it should be OK.
I tried this website but, does not tell me anything, is there any tutorial to follow up to setup autorenew correctly on my case? Because right now wont renew certificate because of sudo command, is that correct?
If you use the operating-system provided one, it will already be set up for you.
If you want to continue using certbot-auto, the issue that we were discussing in the old thread is that you can’t use your own (user) crontab to create the automated renewal task, because your user doesn’t have enough permissions to perform the renewal, and sudo probably won’t work in an automated non-interactive task.
Instead, you could add the task in root’s crontab, editing with sudo crontab -e instead of crontab -e, and then omitting the sudo command from the renewal task that you create in the crontab file.
if it’s your original one, it will run on April 1st no matter what. But this is dangerous. If renewal fails – your machine is off, there are connectivity issues on either end… – on April 1st the next automatic attempt would be on June 1st. That’s why you should run the cron once per day and let certbot decide if it’s time to renew.
if you replaced it as per @schoen’s suggestion, it will run every night and only renew 30 days before expiration. But this doesn’t seem the case, as it would have renewed the cert last night, and it didn’t.