Issue to renew?

I think you forgot --deploy-hook there!

You don’t normally need to specify anything after certbot renew in your cron job if you set up the options that you wanted when you originally obtained the certificate. You can set --preferred-challenges and --deploy-hook in your original command when obtaining the certificate.

(Also, if you used --nginx or chose that from the menu, you don’t normally need a separate command to reload nginx, because Certbot should do that for you automatically.)

Thanks for the reply,
So if I understood correctly, when it's a fresh domain

I would run

         certbot -d yournewdomain --nginx --preferred-challenges http --deploy-hook

and for the renew on the cronjob would be something like this?

                 30 2 * * 1      certbot renew >> /var/log/le-renew.log

Thank you

Almost!

The --deploy-hook option is what you can use to tell Certbot to run a command after the certificate is renewed. So if you want to run systemctl reload nginx, then you need to specify that as an option to --deploy-hook. However, with --nginx this should probably not be necessary at all because Certbot should also take care of reloading nginx for you after renewals.

For this one we recommend running twice a day rather than once a week. certbot renew only attempts to renew certificates that are less than 30 days away from expiring, so it's normally safe to run it frequently. (If the renewal succeeds, the new certificate is saved and then certbot renew stops trying to renew that certificate.) The main reason to run more than once a week is in case of temporary renewal failures due to infrastructure outages, so that you can get more automated attempts in case of such failures, and also more time to notice them and correct them if they are ones that require some action on your part.

If you do this only once a week, Certbot may only make a total of 4 attempts to renew the certificate before it expires; this is somewhat risky if you imagine the possibility of a configuration problem in your or your registrar's DNS settings, or a temporary Let's Encrypt outage, or something like that.

Depending on how you installed Certbot, you may already have an automated command running certbot renew, since several ways of installing it provide that for you (either as a cron job or as a systemd timer).

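An added example, not part of the thread and not Certbot's own code: a deploy hook script for setups where nginx is reloaded by --deploy-hook rather than by the --nginx plugin, which checks the nginx configuration before reloading. The script path, the domain example.com, the cron minute and the NGINX_TEST_CMD / NGINX_RELOAD_CMD override variables are assumptions; RENEWED_LINEAGE and RENEWED_DOMAINS are the variables Certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example: deploy hook for certbot renewals, saved at a hypothetical
# path such as /usr/local/bin/reload-nginx-hook.sh.
# Give the hook its argument when first obtaining the certificate:
#   certbot --nginx -d example.com \
#       --deploy-hook /usr/local/bin/reload-nginx-hook.sh
# Renew twice a day from cron; the saved options are reused by "renew":
#   17 3,15 * * *  certbot renew -q >> /var/log/le-renew.log 2>&1
#
# Certbot runs the deploy hook only after a successful renewal and sets
# RENEWED_LINEAGE (live directory) and RENEWED_DOMAINS (space-separated names).

# Overridable (assumption of this example) so the hook can be exercised
# on a machine without nginx or systemd.
: "${NGINX_TEST_CMD:=nginx -t -q}"
: "${NGINX_RELOAD_CMD:=systemctl reload nginx}"

log() { printf '%s deploy-hook: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*"; }

deploy_hook() {
    if [ -z "${RENEWED_LINEAGE:-}" ]; then
        log "RENEWED_LINEAGE not set; not called by certbot, nothing to do"
        return 2
    fi
    log "renewed ${RENEWED_DOMAINS:-unknown} in ${RENEWED_LINEAGE}"
    # Check the configuration first so a broken config is reported here
    # instead of surfacing as a failed reload with the old certificate live.
    if ! $NGINX_TEST_CMD; then
        log "nginx config test failed; not reloading"
        return 1
    fi
    if ! $NGINX_RELOAD_CMD; then
        log "nginx reload failed"
        return 1
    fi
    log "nginx reloaded"
    return 0
}

# Act only when certbot invoked the script (it exports RENEWED_LINEAGE).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_hook
fi
```

The hook's output ends up in the cron log, so a failed config test or reload is visible next to the renewal attempt that triggered it.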