Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.burr.cc
I ran this command: N/A
It produced this output: N/A
My web server is (include version): httpd-2.2.15-69.el6.centos.x86_64
The operating system my web server runs on is (include version): centos-release-6-10.el6.centos.12.3.x86_64
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I donât know): yes
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if youâre using Certbot): certbot 0.37.1
QUESTIONS:
Following the instructions at
https://certbot.eff.org/lets-encrypt/centos6-apache
I obtained and installed a certificate. It appears to be working. I no longer have my old self-signed certificate and now have one apparently signed by âAVG Web/Mail Shield Rootâ ?? (I really hope that is correct. If not, I have NO idea where that came from! But it appears to be good for the expected 90 days.)
Anyway, the next step is to install a cronjob:
0 0,12 * * * root python -c âimport random; import time; time.sleep(random.random() * 3600)â && /usr/local/bin/certbot-auto renew
This cronjob runs twice a day, at midnight and noon, every day. It waits a random time up to an hour and performs a renewal.
Why, if the certificates last 90 days, do I need to renew it twice a day?
Do I need to add code to also restart apache after each renewal so it loads in the new certificate?