Join Log in
Score:4
IpsRich avatar Server

Will certbot actually renew my certificate?

id flag
IpsRich

Looking at /etc/cron.d/certbot, I don't think it will! That file includes the line:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

and, unless I'm reading it wrong, renewal will only happen if there's a readable, executable file called /usr/bin/certbot (there is) AND if there's not a directory called /run/systemd/system (but there is, even though it's empty).

So am I right and the certbot -q renew bit will never run? Is there perhaps somewhere else that also triggers the renewal? (I thought there might be something in /run/systemd/system because that's being checked, but as I said, there's not. Out of curiosity, why does this little script check for the non-existence of /run/systemd/system?)

This is running the latest certbot (v1.18.0, installed yesterday using the official instructions) on Ubuntu 18.04.

By the way, I have run:

test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot renew --dry-run

as root on the command line, and it exits immediately with an exit status of 1.

720
1 + 2
Michael Hampton avatar
cz flag
Michael Hampton
The cron job is obsolete (and its continued presence in the package is an error); use the systemd timer instead.
0
Reply
IpsRich avatar
id flag
IpsRich
@MichaelHampton I just assumed it was maybe for a different and/or old(er) Linux distro. Its presence did confuse me!
0
Reply
Score:7
vidarlo avatar Server
ar flag
vidarlo

If the system is using systemd, it will run as a systemd service, triggered by time.

If you run systemctl status certbot.timer you will get the status of the service that triggers certbot from systemd.

This is why the cron script is configured not to run renewal if systemd is detected on the machine.

0 + 2
IpsRich avatar
id flag
IpsRich
Thanks - that makes sense. Should I be concerned that when I run that `systemctl` command, the output includes `Active: inactive (dead) since Mon 2021-09-06 15:36:46 BST; 18h ago`?
0
Reply
IpsRich avatar
id flag
IpsRich
In answer to my own extra question above, [it seems I shouldn't be concerned](https://community.letsencrypt.org/t/certbot-inactive/148403/2) about it.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.