ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Renewing Let's Encrypt certificates using a systemd timer

    IT Discussion
    systemd timers certbot nginx how to
    4
    9
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • wirestyle22W
      wirestyle22
      last edited by wirestyle22

      Create a service unit file in /etc/systemd/system/certbot-renewal.service

      [Unit]
Description=Certbot Renewal

[Service]
ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart httpd"

      Create the timer unit file /etc/systemd/system/certbot-renewal.timer

      [Unit]
Description=Timer for Certbot Renewal

[Timer]
OnCalendar=*-*-* 01,13:00:00
RandomizedDelaySec=3600
Unit=certbot-renewal.service

[Install]
WantedBy=multi-user.target

      start the timer
      systemctl start certbot-renewal.timer

      enable to start the timer on boot
      sudo systemctl enable certbot-renewal.timer

      status
      systemctl status certbot-renewal.timer

      journal
      journalctl -u certbot-renewal.service

      *Included JB's timer.

      1 Reply Last reply Reply Quote 7
      • wirestyle22W
        wirestyle22
        last edited by

        Reserved

        1 Reply Last reply Reply Quote 0
        • NashBrydgesN
          NashBrydges
          last edited by

          Any benefit to doing it this way vs standard cron?

          JaredBuschJ wirestyle22W 2 Replies Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @NashBrydges
            last edited by

            @nashbrydges said in Renewing Let's Encrypt certificates using a systemd timer:

            Any benefit to doing it this way vs standard cron?

            Because system D is the standard now

            NashBrydgesN 1 Reply Last reply Reply Quote 0
            • NashBrydgesN
              NashBrydges @JaredBusch
              last edited by

              @jaredbusch Thanks

              black3dynamiteB 1 Reply Last reply Reply Quote 0
              • wirestyle22W
                wirestyle22 @NashBrydges
                last edited by wirestyle22

                @nashbrydges said in Renewing Let's Encrypt certificates using a systemd timer:

                Any benefit to doing it this way vs standard cron?

                systemd timers are systemd services with all their capabilities for resource management, which is great. You can create dependencies on activation time. systemctl enable/disable works with it if you just want to stop it and check what is going on. Actual easily readable logging. Bunch of stuff

                Cron benefits are that it's a single line and I don't think systemd can do something like MAILTO on a failure.

                1 Reply Last reply Reply Quote 0
                • black3dynamiteB
                  black3dynamite @NashBrydges
                  last edited by black3dynamite

                  @nashbrydges said in Renewing Let's Encrypt certificates using a systemd timer:

                  @jaredbusch Thanks

                  Also if you install Fedora Server 28 as a minimal base environment, cronie isn't even installed.

                  wirestyle22W 1 Reply Last reply Reply Quote 2
                  • wirestyle22W
                    wirestyle22 @black3dynamite
                    last edited by

                    @black3dynamite said in Renewing Let's Encrypt certificates using a systemd timer:

                    @nashbrydges said in Renewing Let's Encrypt certificates using a systemd timer:

                    @jaredbusch Thanks

                    Also if you install Fedora Server 28 as a minimal base environment, cronie isn't even installed.

                    Didn't know that but it makes sense.

                    1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch
                      last edited by JaredBusch

                      @wirestyle22 said in Renewing Let's Encrypt certificates using a systemd timer:

                      sudo systemctl enable certbot-renewal.timer

                      As I did this again today, I thought I would post my quick tweak to this because I do not like the idea of it running hourly.

                      I set mine to run twice a day with a 1 hour randomizer.

                      [Timer]
OnCalendar=*-*-* 01,13:00:00
RandomizedDelaySec=3600
Unit=certbot-renewal.service

                      027a0074-88ec-4c1f-b114-91722521529b-image.png

                      1 Reply Last reply Reply Quote 2
                      • 1 / 1
                      • First post
                        Last post