My certificate is valid for 62 days. When should it be available for update?


#1

My certificate is valid for 62 days. When should it be available for update?

output from my cronjob:

Certificate not yet due for renewal; no action taken.

cronjob:

00 12 1 */2 * sudo /opt/eff.org/certbot/venv/local/bin/certbot --nginx certonly -n -d DOMAIN --post-hook “service nginx restart” /var/log/letsencrypt/date +\%Y\%m\%d\%H\%M\%S-certonly-logs 2>1


#2

Usually when it reaches less than 30 days.

You may be able to trick your client into renewing more often, but where the certs themselves are only good for 90 days, there’s not really much point in doing this. Just make sure your cron job runs once a day, and when your cert reaches 30 days it should renew and deploy the new files automatically.


#3

You should add a -q to your cronjob so it doesn’t produce that output. Certbot will automatically renew your certificate when its expiration is 30 days away.

Also I’d like to request you generate a random number instead of 00. We have lots of people who make cron jobs at 00 and it generates big load spikes. :smiley: