Verify error:num=20:unable to get local issuer certificate

cron jobs to run certbot should be run twice daily.
Presuming cerbot has been set properly/default.
If you are doing very strange things while executing certbot then you should know when those can/should happen.

Let's Encrypt / certbot recommends running certbot renew twice daily. It wouldn't do anything if renewal wasn't necessary, but if the cert is within 30 days of expiry, it'll renew.

1 Like

0 0,12 * * * /usr/local/bin/certbot renew <=== like so? I have it set as @weekly for some reason

and i had @weekly renew_certificates <=== that was probably set by a certbot

That's only one third of the where you can do strange stuff with certbot.

But the right side does look perfect:
"certbot renew"
[nothing strange going on there]

The other places are in the cli.ini (uncommon but possible)
And in the renewal.conf files (more common)
grep -i hook /etc/letsencrypt/renewal/*.conf

Well as long as it works - I will check the /etc/letsencrypt/renewal/*.conf

It's different in FreeBSD. grep. no match /usr/local/etc/letsencrypt

renew_before_expiry = 30 days

version = 1.18.0
archive_dir = /usr/local/etc/letsencrypt/archive/
cert = /usr/local/etc/letsencrypt/live/
privkey = /usr/local/etc/letsencrypt/live/
chain = /usr/local/etc/letsencrypt/live/
fullchain = /usr/local/etc/letsencrypt/live/

Options used in the renewal process

account = 41e216181510ed12c1199f2c3d63b7e4
authenticator = nginx
installer = nginx
server =

And nothing strange there either.
Did you check the cli.ini file?

Not yet - has just woken up

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.