Score:4

Will certbot actually renew my certificate?

id flag

Looking at /etc/cron.d/certbot, I don't think it will! That file includes the line:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

and, unless I'm reading it wrong, renewal will only happen if there's a readable, executable file called /usr/bin/certbot (there is) AND if there's not a directory called /run/systemd/system (but there is, even though it's empty).

So am I right and the certbot -q renew bit will never run? Is there perhaps somewhere else that also triggers the renewal? (I thought there might be something in /run/systemd/system because that's being checked, but as I said, there's not. Out of curiosity, why does this little script check for the non-existence of /run/systemd/system?)

This is running the latest certbot (v1.18.0, installed yesterday using the official instructions) on Ubuntu 18.04.

By the way, I have run:

test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot renew --dry-run

as root on the command line, and it exits immediately with an exit status of 1.

Michael Hampton avatar
cz flag
The cron job is obsolete (and its continued presence in the package is an error); use the systemd timer instead.
IpsRich avatar
id flag
@MichaelHampton I just assumed it was maybe for a different and/or old(er) Linux distro. Its presence did confuse me!
Score:7
ar flag

If the system is using systemd, it will run as a systemd service, triggered by time.

If you run systemctl status certbot.timer you will get the status of the service that triggers certbot from systemd.

This is why the cron script is configured not to run renewal if systemd is detected on the machine.

IpsRich avatar
id flag
Thanks - that makes sense. Should I be concerned that when I run that `systemctl` command, the output includes `Active: inactive (dead) since Mon 2021-09-06 15:36:46 BST; 18h ago`?
IpsRich avatar
id flag
In answer to my own extra question above, [it seems I shouldn't be concerned](https://community.letsencrypt.org/t/certbot-inactive/148403/2) about it.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.