Let's Encrypt Auto-renewal through Cronjob (Certbot)



  • Reference: https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-autotasks.html

    I am attempting to auto-renew my let's enrypt auto renew using a cronjob although i have never created a cronjob. I've read that some people run into issues attempting this. Are any of you doing this currently?


  • Service Provider

    No certbot on the machines that I've tried.



  • Try...
    sudo -i
    crontab -e

    edit: My cron job looks like this:

    *       *       1,15    *       *       /usr/local/bin/certUpdate
    

    And my script looks like this:

    #!/bin/bash
    
    for config in `dir /etc/letsencrypt/*.conf` ; do
     echo $config
     /opt/letsencrypt/letsencrypt-auto certonly -c  $config
    done
    

    I have several config files saved in that folder and it runs them all, doing the update on the first and 15th of each month.

    Just change the /opt/letsencrypt/letsencrypt-auto line to the correct certbot command ( thought I had done this already).


  • Service Provider

    @dafyre said in Let's Encrypt Auto-renewal through Cronjob (Certbot):

    Try...
    sudo -i
    crontab -e

    edit: My cron job looks like this:

    *       *       1,15    *       *       /usr/local/bin/certUpdate
    

    And my script looks like this:

    #!/bin/bash
    
    for config in `dir /etc/letsencrypt/*.conf` ; do
     echo $config
     /opt/letsencrypt/letsencrypt-auto certonly -c  $config
    done
    

    I have several config files saved in that folder and it runs them all, doing the update on the first and 15th of each month.

    Just change the /opt/letsencrypt/letsencrypt-auto line to the correct certbot command ( thought I had done this already).

    Eww, WTF is that? Seriously, if you don't know what you are talking about, no answer is better than a wrong answer.


  • Service Provider

    @wirestyle22

    you just call certbot again but with renew.

    test it first obviously.

    certbot renew --dry-run 
    

    If that works put this in your cron.

    certbot renew --quiet
    


  • @JaredBusch Yeah I tested that before today and it was successful. I'm just new to cron so I had to figure out how to actually create a cron job etc. Thanks!


  • Service Provider

    Now that may or may not work depending on your config and all that.

    My Nginx proxy does most of my cert stuff, and i did not let it try to magically setup my stuff.

    Also I have never used the reenw command yet, because I keep adding or removing domains. so I keep using the certonly command with the --expand flag



  • @JaredBusch So if I change my cron to: */5 * * * * /usr/bin/certbot --quiet to test and it's successful I won't see anything due to the --quiet modifier, but if it fails what happens? is a log generated and if so where if I don't specify?



  • Hak5 be of assistance?

    Youtube Video



  • sudo crontab -e

    #> /tmp/certbot.log specifies log location. It should be cleared each time it runs
    * 1 * * 1 /usr/bin/certbot --quiet > /tmp/certbot.log


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.