Why is certbot attmepting renewal daily?

I created this cronjob:

30 2 * * 1 certbot renew --post-hook "/etc/init.d/nginx reload" >> /var/log/le/logfile.log.

This should attempt renewal weekly, which it does. However there is some other cronjob or config that attempts renewal daily. I noticed that when checking the letsencrypt logs directory in "/var/log/letsencrypt", I see that there are daily log files and daily renewal attempts.

My post hook will never work because there will never be a certificate to renew.

Server debian jessie,nginx, certbot version: 0.9.3

Found the issue, turns out that there was a cronjob that was created on installation and placed in the "/etc/cron.d/" directory. This attempts renewal every 12hours daily. :confused:

Some more info I found on the issue.

Hi @greenzwiz,

Part of the functionality of certbot renew is to attempt to renew only those certificates that are less than 30 days away from expiry. The default behavior is certbot renew --keep-until-expiring, which does not attempt to renew every certificate on your system; that would be the behavior of the alternative form certbot renew --force-renewal, which is not recommended under most circumstances.

Because of this, we feel comfortable recommending that certbot renew be run twice per day so that renewal attempts happen promptly when certificates reach 30 days from expiry. However, if you have a specific reason why you don’t want this check to happen this often, that’s fine, of course. I just want to make sure that it’s clear that under normal circumstances this is not going to renew every certificate every day.


This is the default behavior when using the packaged version of certbot. I would recommend deleting the cron that does it weekly and letting certbot renew work twice a day as recommended on documentation.

1 Like

Thanks, that’s what I did.

Thank you for the info. I’ll leave the default.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.