I've developed a REST API in Node and installed nginx as reverse proxy in front of that in order to handle the SSL certificate from Letsencrypt. It's the first time I've set up nginx but everything seems to work as intended. The certbot installation was uneventful and the certificate is in place and works. My only concern is that I can't see any evidence of auto-renewal in place.
The Certbot docs say:
The command to renew certbot is installed in one of the following locations:
/etc/crontab/
/etc/cron.*/*
systemctl list-timers
I've checked all the above locations but there are no traces of certbot anywhere. Running sudo certbot renew --dry-run
works without any error messages but no cron job or timer is created as far as I can see. Are the docs outdated or is the problem my lacking Linux skills?
The server is running Ubuntu 20.04.1 LTS and nginx/1.18.0 (Ubuntu).
Best Answer
By default on Ubuntu 18.04+, certbot should add
/etc/cron.d/certbot
and run every 12 hours(*/12)
. If you do not see a file there, you can create your own cronjob by doingsudo crontab -e
and adding a simple job that follows the template instructions. You'll need to be sure that cron understands where certbot lives, or use the full path. Generally the full path is a better bet than hoping cron knows yourPATH
. By default certbot should be at/usr/local/bin/certbot
You can verify where certbot lives by doing
which certbot
The command you should enter in your cron job will be
/path/to/certbot renew
To run a midnightly renewal every Day of the Month, Every Month, on every Day of the Week, if everything is default and you're using Ubuntu, the full line you'd add in cron would be: