Due to the way GoDaddy does their Web site hosting I had to go this route for getting certbot to create my certificate for my mail server. My server is CentOS Linux release 7.9.2009 (Core) and my Certbot is certbot 1.11.0.
certbot renew is enough but you shouldn't use that command manually, you should already have a cron job or systemd timer already activate when you installed certbot that will try to renew your certificate automatically.
If you want to list the systemd timers use this command and you should view the certbot timer:
Thanks @sahsanu for your quick reply. I just checked and I am not seeing certbot in my timers list I went ahead and added 0 0 */10 * * certbot renew >> /logs/certbot-cron.log 2>&1 to my crontab.
@rg305, I suppose @Kellian installed cerbot from EPEL repository and this package doesn't add neither a cron job nor a systemd timer.
Edit: I'm going to test it in a virtual machine because it should install something...
Edit 2: I've tested it and it installs a certbot-renew timer but doesn't activate it.
You are welcome. I would configure the crontab to launch certbot renew command every day instead of every 10 days but there is nothing wrong if you want to try the renewal every 10 days.
Regarding the deploy-hook, I would use reload instead of restart so using reload there won't be any downtime in your services.
In case you want to change it, you can edit the renewal conf file for your domain /etc/letsencrypt/renewal/mail.nelsonsgoldenyears.com.conf and you will see the renew_hook option to change there the commands.
Thank you @rg305 I had nothing in Crontab and like @sahsanu mentioned I had installed from EPEL. This is a new setup so there was nothing in Crontab.
@sahsanu Thank you for that information about the deploy-hook. I will correct it. When I did the crontab I had got the information from another site. The site said that it would do it on the 10th of every month not every 10 days. That is unless they typed that information wrong on the site.
If you want to launch the command the 10th of every month you should use 0 0 10 * * instead of 0 0 */10 * *
I've installed certbot on Centos 7.9 and it installs a systemd timer but doesn't activate it. So if instead of your crontab job you want to use the certbot timer you should enable and start it:
With this system being a new build I know that I had received my certs but when I looked at timers there was no renew timer. I did run the enable and start commands and now it does show in timers.
@sahsanu and @rg305 Thank you both very much for all your help.
Sorry @rg305 I removed the post after I realized I was looking at the wrong log file. I have like 54 of them in my letsencrypt logs. I found the start of my issue though and I fixed it.