My certs got renewed automatically without me setting up cron. How?

My domain is: hannemyr.com
My web server is (include version): Apache/2.4.18 (Ubuntu)
I have certbot 0.17.0
The operating system my web server runs on is (include version): Ubuntu 16.04
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
I have not set up cron to run certbot renew.

I installed certbot and obtained a certificate by following the instructions on https://certbot.eff.org/.

I got a certificate and noticed that it would be due for renewal on Oct 18. When I manually ran certbot renew today, it told me it was not due for renewal. Checking the certificate, I can see that is was renewed on Sep. 19.

I am pretty sure I didn’t do it, and I doubt that my server is compromised (why should an intruder renew my certificates for me).

Is there another explanation (e.g. is there some auto-renewal feature built into certbot that does not depend on me setting up cron)?

Certbot 0.17.0… was it installed from the PPA? That package comes with both a cron job (/etc/cron.d/certbot) and a systemd timer (/lib/systemd/system/certbot.{service,timer}, or check systemctl list-timers).

(The cron job disables itself when systemd is present.)

Unless you explicitly disabled them, “certbot renew” will have been running about every 12 hours.

3 Likes

was it installed from the PPA?

Yup.

That package comes with both a cron job (/etc/cron.d/certbot) and a systemd timer.

Both are present. the timer last ran 6 hours ago.

Thanks - great feature! That fully explains it.

PS: I now see that this it revealed under “Automating renewal” on https://certbot.eff.org. My apologies for not reading the instructions more carefully before asking here.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.