Automate letsEncrypt SSL cert for Lightsail AL2023

0

Given: I have AL2023 installed under Lightsail. I have a LetsEncrypt SSL cert and it works. AL2023 no longer uses cron. I believe I could install it, but wonder if it will be stable? I have read something about a system timer over cron? I want to automate renewals of my LetsEncrypt cert.

Problem: I am not sure how to automate my SSL cert "renewal" under Lightsail AL2023. Thanks

asked 2 months ago, 167 views
2 Answers
1

Are you using the AL2023 certbot packages to obtain your LetsEncrypt cert?

If yes, there is a certbot-renew.timer systemd timer that will auto-renew your cert for you. Do ensure that the timer is enabled and started.

sudo dnf install -y certbot python3-certbot-apache
sudo systemctl enable certbot-renew.timer
sudo systemctl start certbot-renew.timer
sudo systemctl status certbot-renew.timer 

Check the certbot-renew.service status for the renewal status:

% sudo systemctl status  certbot-renew
○ certbot-renew.service - This service automatically renews any certbot certificates found
     Loaded: loaded (/usr/lib/systemd/system/certbot-renew.service; static)
     Active: inactive (dead) since Sat 2024-03-09 00:36:09 UTC; 4min 56s ago
TriggeredBy: ● certbot-renew.timer
    Process: 9260 ExecStart=/usr/bin/certbot renew --noninteractive --no-random-sleep-on-renew $PRE_HOOK $POST_HOOK $RENEW_HOOK $DEPLOY_HOOK $CERTBOT_ARGS (code=exited, status=0/SUCCE>
   Main PID: 9260 (code=exited, status=0/SUCCESS)
        CPU: 484ms

Mar 09 00:36:09 al2023.aws-demo.com certbot[9260]: Processing /etc/letsencrypt/renewal/mycert.com.conf
Mar 09 00:36:09 al2023.aws-demo.com certbot[9260]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mar 09 00:36:09 al2023.aws-demo.com certbot[9260]: Certificate not yet due for renewal
Mar 09 00:36:09 al2023.aws-demo.com certbot[9260]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mar 09 00:36:09 al2023.aws-demo.com certbot[9260]: The following certificates are not due for renewal yet:
Mar 09 00:36:09 al2023.aws-demo.com certbot[9260]:   /etc/letsencrypt/live/mycert.com/fullchain.pem expires on 2024-05-07 (skipped)
Mar 09 00:36:09 al2023.aws-demo.com certbot[9260]: No renewals were attempted.
Mar 09 00:36:09 al2023.aws-demo.com certbot[9260]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mar 09 00:36:09 al2023.aws-demo.com systemd[1]: certbot-renew.service: Deactivated successfully.

You can do a dry run to test renewal:

sudo certbot --dry-run renew

Alternatively, you can install crond and create a cron job to do the renewal. Refer to the certbot documentation for details.

sudo dnf install -y cronie
sudo systemctl enable --now crond
AWS
EXPERT
Mike_L
answered 2 months ago
EXPERT
Steve_M
reviewed 2 months ago
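
A check that complements the `systemctl status` and dry-run steps in the answer above, as an added example that is not part of either answer: it confirms certbot-renew.timer is enabled and active, then reads the expiry date from the live certificate and fails when renewal has evidently stopped working. The 20-day threshold, the function names and the script name are assumptions; mycert.com is the certificate name from the log output above.

```bash
#!/usr/bin/env bash
# Added example: verify that automatic renewal is really happening.
# Assumptions (not from the original answer): the 20-day threshold, the
# function names, and GNU date plus openssl being installed.

TIMER=certbot-renew.timer   # unit name from the answer above
MIN_DAYS=20                 # certbot renews by default once <30 days remain

# days_until "<openssl notAfter string>" [now_epoch] -> whole days remaining
days_until() {
    local end now
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# cert_days_left <pem file> -> whole days until the certificate expires
cert_days_left() {
    local not_after
    not_after=$(openssl x509 -in "$1" -noout -enddate) || return 2
    days_until "${not_after#notAfter=}"
}

# check_renewal <cert name under /etc/letsencrypt/live>; non-zero on any problem
check_renewal() {
    local pem="/etc/letsencrypt/live/$1/fullchain.pem" days rc=0
    systemctl is-enabled --quiet "$TIMER" || { echo "FAIL: $TIMER not enabled"; rc=1; }
    systemctl is-active  --quiet "$TIMER" || { echo "FAIL: $TIMER not active"; rc=1; }
    days=$(cert_days_left "$pem") || { echo "FAIL: cannot read $pem"; return 1; }
    if [ "$days" -lt "$MIN_DAYS" ]; then
        echo "FAIL: $1 expires in $days days; renewals are not succeeding"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 has $days days left, $TIMER is scheduled"
    return "$rc"
}

# Run as root, e.g.: sudo ./check-renewal.sh mycert.com
if [ -n "${1:-}" ]; then
    check_renewal "$1"
fi
```

A non-zero exit status makes the script usable from a monitoring agent or its own systemd timer, so a silently failing renewal is noticed before the certificate expires.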
0

I think you're referring to the cronie package when you mention installing it. The official documentation states - "The cronie package was installed by default on the AL2 AMI, providing support for the traditional crontab way of scheduling periodic tasks. In AL2023, cronie is not included by default. Therefore, support for crontab is no longer provided by default.

In AL2023, you can optionally install the cronie package to use classic cron jobs. We recommend that you migrate to systemd timers due to the added functionality provided by systemd.

It is possible that a future version of Amazon Linux, possibly the next major version, will no longer include support for classic cron jobs and complete the transition to systemd timers. We recommend that you migrate away from using cron."

To leverage systemd timers instead, check out https://www.freedesktop.org/software/systemd/man/latest/systemd.timer.html and be sure to reference your LetsEncrypt client (https://letsencrypt.org/docs/client-options/) documentation for additional details.

AWS
answered 2 months ago
