Is it possible to set renewal time

run_the_race · April 18, 2022, 7:57pm

Is it possible to specify the time when certbot renews the certs?
At the moment I see it occurs at 00:00.

This is actually the first time for me, due to timezones the site is at its peak demand at 00:00, is it possible to specify what time it should renew the cert?

schoen · April 18, 2022, 8:03pm

Hi @run_the_race,

Your certbot renew command is probably getting run by a cron job or a systemd timer, depending on how you installed Certbot. (However, 0:00 is an uncommon time for these tasks to run, so you may also have installed Certbot in a somewhat unusual way.)

Are you familiar with cron and systemd timers? Can you take a look at those to see how they're set up?

Alternatively, can you tell us how you installed Certbot?

run_the_race · April 18, 2022, 8:30pm

Thanks for that info! I thought it might be a cron job, but couldnt see anything sounding like letsencrypt or certbot:

cron.d
├── e2scrub_all
├── popularity-contest
└── sysstat
cron.daily
├── apport
├── apt-compat
├── bsdmainutils
├── dpkg
├── logrotate
├── man-db
├── popularity-contest
├── sysstat
└── update-notifier-common
cron.hourly
cron.monthly
crontab [error opening dir]
cron.weekly
├── fstrim
├── man-db
└── update-notifier-common

I installed certbot with snap install --classic certbot on Ubuntu 20.04

9peppe · April 18, 2022, 8:35pm

run systemctl list-timers

(and I find pretty strange that it always renews at midnight)

you can override the settings of that timer by running systemctl edit certbot.timer and then have fun setting OnCalendar and RandomizedDelaySec

https://www.freedesktop.org/software/systemd/man/systemd.timer.html

_az · April 18, 2022, 8:38pm

When Certbot is installed as a snap, renewal times are randomly generated and set in the systemd unit.

You can inspect the generated times by looking at:

# grep OnCalendar /etc/systemd/system/snap.certbot.renew.timer
OnCalendar=*-*-* 02:48
OnCalendar=*-*-* 23:49

It seems unlikely that the times would be at midnight.

schoen · April 18, 2022, 8:50pm

Try

systemctl list-timers

to see if it's run from a systemd timer.

Also note that traditional crontab files list jobs one per line in a text file, rather than using the cron.d method. You can normally view those with

crontab -l

as the user (e.g. root) whose crontab you're interested in.

system · May 18, 2022, 8:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.