Hosting

certbot

https://community.letsencrypt.org/t/cerbot-cron-job/23895/5

cronjob

The cron job should be at /etc/cron.d/certbot

The content of this file:

# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

This cron job runs every 12 hours. If /usr/bin/certbot is executable and the directory /run/systemd/system does not exist, it sleeps for a random time of up to an hour and then runs the renew command. If /run/systemd/system exists, you are running systemd, so the cron job does not run the renew command. It skips the renewal because a systemd timer (a kind of cron job used by systemd) was configured when you installed the certbot package.

systemd timer

You can check your systemd timers with systemctl list-timers, or with systemctl list-timers --all if you also want to show inactive timers. The output looks something like this:

# systemctl list-timers --all
NEXT                         LEFT     LAST                         PASSED    UNIT                         ACTIVATES
Sun 2016-12-11 00:00:00 CET  9h left  Sat 2016-12-10 13:48:13 CET  38min ago certbot.timer                certbot.service
Sun 2016-12-11 14:03:12 CET  23h left Sat 2016-12-10 14:03:12 CET  23min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a                          n/a      n/a                          n/a       systemd-readahead-done.timer systemd-readahead-done.service
3 timers listed.

The certbot timer should be at /lib/systemd/system/certbot.timer, and it runs the command specified in /lib/systemd/system/certbot.service

certbot.timer will execute the certbot.service at 12 am and 12 pm, plus a random delay of up to an hour (RandomizedDelaySec=3600).

# cat /lib/systemd/system/certbot.timer
[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=3600
Persistent=true

[Install]
WantedBy=timers.target

and certbot.service will execute the renew command.

# cat /lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
#ExecStart=/usr/bin/certbot -q renew
ExecStart=/usr/bin/certbot -q renew --post-hook "service postfix reload; service dovecot r
PrivateTmp=true
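
The cron test and the timer described above leave one gap: on a systemd host where certbot.timer is not enabled, the cron job still skips renewal, so nothing renews. The following shell function is an added example (not from the original page or the certbot package) that reports which mechanism will run; its path arguments and the TIMER_CHECK override are hypothetical names introduced so the check can be tested.

```shell
#!/bin/sh
# Added example: report which mechanism will actually run `certbot renew`.
# The three path arguments and the TIMER_CHECK variable are hypothetical
# overrides for testing; the defaults are the paths shown on this page.

renewal_mechanism() {
    certbot_bin=${1:-/usr/bin/certbot}
    systemd_dir=${2:-/run/systemd/system}
    cron_file=${3:-/etc/cron.d/certbot}
    # Command that exits 0 when the timer is enabled.
    timer_check=${TIMER_CHECK:-"systemctl is-enabled --quiet certbot.timer"}

    if [ ! -x "$certbot_bin" ]; then
        echo "none: $certbot_bin is not executable"
        return 1
    fi
    if [ -d "$systemd_dir" ]; then
        # Same test as the cron line: with systemd present the cron job
        # exits before renewing, so renewal depends on certbot.timer alone.
        if $timer_check >/dev/null 2>&1; then
            echo "systemd: certbot.timer is enabled"
            return 0
        fi
        echo "none: systemd host but certbot.timer is not enabled"
        return 1
    fi
    if [ -f "$cron_file" ]; then
        echo "cron: $cron_file"
        return 0
    fi
    echo "none: no systemd and $cron_file is missing"
    return 1
}

# Check the live system only when called with --check.
if [ "${1:-}" = "--check" ]; then
    renewal_mechanism
fi
```

A non-zero exit status means no renewal mechanism is in place, which makes the script usable from a monitoring check.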