Quick question - letsencrypt upgrade certbort / auto renew


#1

I following this https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache en upgrading letsencrypt to cerbot will ssl auto renew?

thanks in advance


#2

Check your cron jobs:

crontab -l
sudo crontab -l


#3

when i execute the command crontab -l
it doesnt return any info at all…

Does that mean there isn’t any script/job?

if there is no job how can i create it?

thanks in advance


#4

What about with sudo?:


#5

i log in as root on the machine:)


#6

See: https://certbot.eff.org/docs/using.html#automated-renewals
And: https://help.ubuntu.com/community/CronHowto
Basically I would use the exact same command that works for you at the prompt.
I use this with Ubuntu/NGINX/Certbot:
04 11 * * * /usr/bin/certbot renew --nginx

Also, make sure there is no system timer running certbot (Ubuntu supports both):
systemctl list-timers


#7

Please don’t use renew --nginx. Just renew.

Certbot stores which plugin was used to obtain each certificate and automatically uses that same plugin for renewals. This could be different for each certificate on the system, when there are multiple certificates.


#8

Thu 2018-06-07 17:34:55 CEST 4h 20min left Wed 2018-06-06 17:34:55 CEST 19h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Fri 2018-06-08 00:33:23 CEST 11h left Thu 2018-06-07 12:23:32 CEST 51min ago certbot.timer certbot.service
Fri 2018-06-08 03:27:40 CEST 14h left Thu 2018-06-07 12:08:02 CEST 1h 6min ago apt-daily.timer apt-daily.service
Fri 2018-06-08 06:54:32 CEST 17h left Thu 2018-06-07 06:22:40 CEST 6h ago apt-daily-upgrade.timer apt-daily-upgrade.service


#9

04 11 * * * /usr/bin/certbot renew doesnt work…

when i search for certbot i can find it under /usr/bin/ but i cant rut it


#10

with those commands i upgraded letsencrypt.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

but stil it doesnt same to be working.


#11

You already have a systemd timer to run “certbot renew” twice a day, so you don’t need to add a cron job or another timer.

What happens? What isn’t working?


#12

the ssl certifcaat doesnt change…

so thats the reason i asssume the task isnt working


#13

What command or program thinks that it hasn’t changed?

What does “certbot certificates” show? (Without redacting information.)

Perhaps the certificate was renewed, but the web server, or whatever, is configured to use a different copy of the files, or needs to be reloaded.


#14

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: domainname
Domains: domainname
Expiry Date: 2018-09-04 05:03:02+00:00 (VALID: 73 days)
Certificate Path: /etc/letsencrypt/live/domainname/fullchain. pem
Private Key Path: /etc/letsencrypt/live/domainname/privkey.pe m


#15

The valid from that dint change when you renew a cert it wil show the date since when its is valid


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.