I have just installed certbot on a CentOS8 system, and just wanted to double check if automatic renewals will work. I see that /etc/crontab does contain:
0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew
And I see that
/var/log/letsencrypt/ is filling up with logs, they contain mentions of “not due for renewal”. Givng
$ sudo /usr/local/bin/certbot-auto renew --dry-run also says not due for renewal and congratulations for everything succeeding.
My certificate status is VALID: 85 days.
Is there a certain number of remaining days where the 12-hourly renew cron task will actually do a renewal?