Let's Encrypt Auto-renewal through Cronjob (Certbot)

wirestyle22

Reference: https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-autotasks.html

I am attempting to auto-renew my let's enrypt auto renew using a cronjob although i have never created a cronjob. I've read that some people run into issues attempting this. Are any of you doing this currently?

scottalanmiller

No certbot on the machines that I've tried.

dafyre

Try...
sudo -i
crontab -e

edit: My cron job looks like this:

*       *       1,15    *       *       /usr/local/bin/certUpdate

And my script looks like this:

#!/bin/bash

for config in `dir /etc/letsencrypt/*.conf` ; do
 echo $config
 /opt/letsencrypt/letsencrypt-auto certonly -c  $config
done

I have several config files saved in that folder and it runs them all, doing the update on the first and 15th of each month.

Just change the /opt/letsencrypt/letsencrypt-auto line to the correct certbot command ( thought I had done this already).

JaredBusch

@dafyre said in Let's Encrypt Auto-renewal through Cronjob (Certbot):

Try...
sudo -i
crontab -e

edit: My cron job looks like this:

*       *       1,15    *       *       /usr/local/bin/certUpdate

And my script looks like this:

#!/bin/bash

for config in `dir /etc/letsencrypt/*.conf` ; do
 echo $config
 /opt/letsencrypt/letsencrypt-auto certonly -c  $config
done

I have several config files saved in that folder and it runs them all, doing the update on the first and 15th of each month.

Just change the /opt/letsencrypt/letsencrypt-auto line to the correct certbot command ( thought I had done this already).

Eww, WTF is that? Seriously, if you don't know what you are talking about, no answer is better than a wrong answer.

JaredBusch

@wirestyle22

you just call certbot again but with renew.

test it first obviously.

certbot renew --dry-run 

If that works put this in your cron.

certbot renew --quiet

wirestyle22

@JaredBusch Yeah I tested that before today and it was successful. I'm just new to cron so I had to figure out how to actually create a cron job etc. Thanks!

JaredBusch

Now that may or may not work depending on your config and all that.

My Nginx proxy does most of my cert stuff, and i did not let it try to magically setup my stuff.

Also I have never used the reenw command yet, because I keep adding or removing domains. so I keep using the certonly command with the --expand flag

wirestyle22

@JaredBusch So if I change my cron to: */5 * * * * /usr/bin/certbot --quiet to test and it's successful I won't see anything due to the --quiet modifier, but if it fails what happens? is a log generated and if so where if I don't specify?

NerdyDad

Hak5 be of assistance?

Youtube Video

wirestyle22

sudo crontab -e

#> /tmp/certbot.log specifies log location. It should be cleared each time it runs
* 1 * * 1 /usr/bin/certbot --quiet > /tmp/certbot.log