When to run certbot renew? Once a day is not enough?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: marina-cassell.club

I ran this command: /usr/bin/certbot renew

It produced this output: No renewals were attempted.

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Ubuntu 18.04.2 LTS

My hosting provider, if applicable, is: not applicable

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot --version
certbot 0.23.0

I am running certbot renew every day in a cron job on my server.
The cron job is set up as

m h dom mon dow command

42 05 * * * /usr/bin/certbot renew

Still I am sporadically getting “Action Required” mails warning me about certificates timing out.
The cron-executed update seems to renew all certificates successfully; I actually have multiple domains hosted on that same server, each with a Letsencrypt certificate.
The expiry warnings ever only list one of my certs.

I want to get rid of the warnings: every time I see them, I have to manually check if this is a bogus warning or actually something went wrong on the renew (which so far it never does).

So: how do I actually renew in a fashion, that the letsencrypt infrastructure will not warn me?

Hi @hase

normally, you shouldn't get such mails with productive certificates.

I have sometimes such warnings, but only from the test system.

The first mail comes if the certificate expires in 20 days. The second mail 10 days later.

One rule: Start renew if the certificate is 30 days valid. Second rule: Check it two times per day.

If you have such mails, something doesn't really work.

Is there a downtime in the morning?

My mistake: I did not really read that warning completely :slight_smile:
Probably because I had bogus expiry warning in the past and am so used to checking and ignoring…

thanks for your response, It helped tremendously.


1 Like

PS: A little bit unclear: Start renew if the certificate expires in 30 days. The standard: Every 60 - 65 days a new certificate. So you have 30 days to fix a problem.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.