My certs got renewed automatically without me setting up cron. How?

My domain is:
My web server is (include version): Apache/2.4.18 (Ubuntu)
I have certbot 0.17.0
The operating system my web server runs on is (include version): Ubuntu 16.04
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
I have not set up cron to run certbot renew.

I installed certbot and obtained a certificate by following the instructions on

I got a certificate and noticed that it would be due for renewal on Oct 18. When I manually ran certbot renew today, it told me it was not due for renewal. Checking the certificate, I can see that is was renewed on Sep. 19.

I am pretty sure I didn’t do it, and I doubt that my server is compromised (why should an intruder renew my certificates for me).

Is there another explanation (e.g. is there some auto-renewal feature built into certbot that does not depend on me setting up cron)?

Certbot 0.17.0… was it installed from the PPA? That package comes with both a cron job (/etc/cron.d/certbot) and a systemd timer (/lib/systemd/system/certbot.{service,timer}, or check systemctl list-timers).

(The cron job disables itself when systemd is present.)

Unless you explicitly disabled them, “certbot renew” will have been running about every 12 hours.


was it installed from the PPA?


That package comes with both a cron job (/etc/cron.d/certbot) and a systemd timer.

Both are present. the timer last ran 6 hours ago.

Thanks - great feature! That fully explains it.

PS: I now see that this it revealed under “Automating renewal” on My apologies for not reading the instructions more carefully before asking here.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.