What is the correct way to renew cert by cronjob

I wonder what is the correct way to do an auto renew of a letsencrypt cert?

It's NOT always "not working"; sometimes the certbot renew set in the cronjob did the job. When it was not working, I did it manually and came across a problem when simply issuing the command.

Without any change to the config, I assume "certbot renew" is a straightforward way to do the renewal; otherwise this command option does not look meaningful.

Have I overlooked something?

My domain is: tenniscoach.top and security-warehouse.com

I ran this command: certbot renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/security-warehouse.com-0001.conf


Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
Attempting to renew cert (security-warehouse.com-0001) from /etc/letsencrypt/renewal/security-warehouse.com-0001.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.'). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/security-warehouse.com-0001/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/security-warehouse.com-0001/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx 1.23.2

The operating system my web server runs on is (include version): Ubuntu 20 LTS

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I am using bash

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

When I manually ran certbot renew, I had stopped nginx with systemctl.

You can't automatically renew with --manual if you're copying the challenge string by hand. Certbot doesn't have any hands and that's why the certbot renew cronjob doesn't work. More on that here.

If you want automatic renewal to work, don't use --manual.

The DNS for security-warehouse.com is hosted by Linode, so you could use certbot-dns-linode to do all of this automatically and without doing anything by hand.

7 Likes
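An added example (not part of the thread and not Certbot's own code): a shell check that lists the lineages an unattended `certbot renew` will skip for the reason given above, namely a renewal config that uses the manual authenticator with no auth hook. It assumes the renewal files keep `authenticator` and `manual_auth_hook` under `[renewalparams]`; the sample files written by `demo` are constructed.

```shell
#!/bin/sh
# Print the value of KEY ($2) from the [renewalparams] section of a
# certbot renewal config ($1). Prints nothing if the key is absent.
renewal_param() {
    awk -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params {
            split($0, kv, "=")
            k = kv[1]; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Print one lineage name per line for every config in DIR that uses
# authenticator = manual without a manual_auth_hook. These are the
# certificates a cron-driven "certbot renew" cannot renew.
find_manual_renewals() {
    dir="${1:-/etc/letsencrypt/renewal}"
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        auth=$(renewal_param "$conf" authenticator)
        hook=$(renewal_param "$conf" manual_auth_hook)
        # A literal "None" is treated as "no hook" (defensive assumption).
        if [ "$auth" = "manual" ] && { [ -z "$hook" ] || [ "$hook" = "None" ]; }; then
            basename "$conf" .conf
        fi
    done
}

# Constructed sample: one manual lineage (named after the one in the
# thread) and one DNS-plugin lineage (example.org is a placeholder).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'version = 0.40.0' '[renewalparams]' \
        'authenticator = manual' 'pref_challs = dns-01,' \
        > "$tmp/security-warehouse.com-0001.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = dns-linode' \
        > "$tmp/example.org.conf"
    find_manual_renewals "$tmp"
    rm -rf "$tmp"
}

demo
```

Calling `find_manual_renewals` with no argument reads `/etc/letsencrypt/renewal`; any name it prints needs to be reissued with a non-manual authenticator before cron can renew it.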

Eventually I managed to renew certbot using the certbot-linode plugin and, as said, the certbot is built-in and nothing needs to be done by hand.

1 Like
