I have installed Let's Encrypt on an Amazon Linux AMI EC2 instance. I set up sudo crontab -e as follows:
0 3 * * * /usr/local/bin/certbot-auto renew
30 3 * * * service httpd restart
However, the certificate failed to renew. Can anyone help to explain why? I am not very familiar with the commands, but I remember I followed some articles to do the auto-renewal part.
Is there somewhere that I can find the log file of the error for renewal?
Because of this, and as it expires today, I tried it manually with sudo /usr/local/bin/certbot-auto renew, and it works; there was some error, but somehow it renewed successfully.
When I checked sudo openssl x509 -noout -dates -in /etc/letsencrypt/live/learningforkeeps.com.sg/cert.pem the expiry date had changed to February next year. So it works.
I did not keep the error. If I remember correctly, it was some connection or authentication problem: 3 times connecting ... then failed, then after that it gave the message clean up challenge or something like that ... and the renewal completed successfully.
I just checked, and it does not seem to have records of anything except the time I did the manual renewal yesterday.
Is it possible that it didn't run at all?
Do I have to put sudo in the certbot file, since I need to use sudo to do it manually?
There might be a chance that running crontab with sudo doesn't change some environment variables, so that in fact you are not editing root's crontab but instead your own. You may check that if you (as root) have a look into the directory /var/spool/cron/crontabs:
sudo ls -ls /var/spool/cron/crontabs
As an alternative, you may just add the renewal to the system's crontab (file /etc/crontab or directory /etc/cron.d). Be sure to follow the format then:
Note that this is only for /etc/crontab and not for per-user crontabs (including root’s crontab), which don’t have a field for the user. But since you’re editing /etc/crontab, you do need to supply the field for the user.
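
As an added example (not part of the original replies), the shell functions below tell the two crontab formats apart and convert a per-user line into the /etc/crontab or /etc/cron.d form by inserting the user field. The function names and the choice of root as the account are assumptions made for illustration; the sample lines are the ones from the question.

```shell
#!/bin/sh
# Added illustration: function names are hypothetical, not part of cron or certbot.

# classify_cron_line LINE
# Prints "system"  if the sixth field is an existing account followed by a
#                  command (the form /etc/crontab and /etc/cron.d expect),
#        "peruser" if the sixth field is already the command (crontab -e form),
#        "invalid" if there is no sixth field at all.
classify_cron_line() {
    # read does not glob-expand, so the "*" schedule fields stay literal
    read -r min hour dom mon dow sixth rest <<EOF
$1
EOF
    if [ -z "$sixth" ]; then
        echo invalid
    elif [ -n "$rest" ] && id -u -- "$sixth" >/dev/null 2>&1; then
        echo system
    else
        echo peruser
    fi
    return 0
}

# to_system_line LINE USER
# Rewrites a per-user line into system-crontab form by inserting USER
# between the five schedule fields and the command.
to_system_line() {
    read -r min hour dom mon dow cmd <<EOF
$1
EOF
    printf '%s %s %s %s %s %s %s\n' "$min" "$hour" "$dom" "$mon" "$dow" "$2" "$cmd"
}

# Demo on the two lines from the question, with root as the assumed account
for line in '0 3 * * * /usr/local/bin/certbot-auto renew' \
            '30 3 * * * service httpd restart'; do
    printf '%-8s %s\n' "$(classify_cron_line "$line")" "$line"
    printf '%-8s %s\n' '->' "$(to_system_line "$line" root)"
done
```

A line reported as peruser placed in /etc/crontab would have its first command word read as the account name, which is the mismatch the note above describes.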