certbot certificates is listing my certificates and shows that they are going to expire in 4 days. I also got a reminder email warning me about that a couple of days ago.
Reason why I'm asking: I moved to a new server (from 32bit to 64bit Ubuntu recently). I also migrated (copied) everything from /etc/letsencrypt to the new server.
I'm not running a webserver.
For the moment I forgot, which challenge my installation is using.
How can I test
whether certbot would "heal" the upcoming expiration beforehand by itself automatically?
(it looks like the expiration would occur unevitably)
if certbot is setup for automatic renewals and whether it can be found in some cron files?
I tried this and got:
root@mail:~# certbot renew --dry-run
Another instance of Certbot is already running.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/tmpn47tbydo/log or re-run Certbot with -v for more details.
root@mail:~# ps ax | grep certbot
43512 ? Ss 0:00 /usr/bin/python3 /usr/bin/certbot -q renew
43526 pts/0 S+ 0:00 grep --color=auto certbot
root@mail:~#
And to add some more findings:
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
#
# Important Note! This cronjob will NOT be executed if you are
# running systemd as your init system. If you are running systemd,
# the cronjob.timer function takes precedence over this cronjob. For
# more details, see the systemd.timer manpage, or use systemctl show
# certbot.timer.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
Oct 22 06:33:56 mail certbot[34963]: Failed to renew certificate mail.kukulies.org with error: The requested apache plugin does not appear to be installed
In this forum I found:
about this issue, but neither the apt package can be found nor the cited link works (Error 404)
Mon 2023-10-23 19:08:37 CEST 8h left Mon 2023-10-23 09:27:36 CEST 49min ago certbot.timer certbot.service
Meanwhile I got into the right direction. My apache2 had start problems. Some modules were missing. Mainly apt install python3-certbot-apache and some others. (I neglected apache2 a bit, since it was not primarily the goal to run a web server. mail server is the primary task)
If that remains there for too long, please show the renewal config files.
[which will undoubtedly show that Apache installer/authenticator is required - and hasn't been installed]
I remember that certbot once was running under snapd but since there were no 32bit snapd updates available any longer, that's one reason I moved to Ubuntu 64bits.
Renewals usually run after 60 days (30 days remaing before expiry of cert).
The auto-renew should have been setup during install of snap Certbot. You can check that with instructions at link below. But, yes, definitely confirm it does manually too.
It might have been as simple as a hanging process previously which would prevent automatic renewal (as there already was a running Certbot) every time Certbot was run using cron or systemd timer. Apparently with removing the apt Certbot and installing the snap Certbot, this has been fixed.
No absolute guarantees of course, but as snap installs a renew job and the renewal worked just now, you should be good to go for future renewals.
