py37-certbot question

[Odhiambo Washington]

On Fri, 11 Sep 2020 at 00:48, Valeri Galtsev <galtsev at kicp.uchicago.edu>
wrote:

> Dear Experts,
>
> I hope, someone knows details of python3 based certbot. Namely, if run
> with "update" command, it updated certificates that will expire "soon".
> How soon, it doesn't say in man page, just soon. Does someone know how
> close to expiration cert should be to be considered by the script for
> renewal.
>
> I use certbot since its python 2 version - for quite some time actually
> to renew LetsEncrypt certificates. With python2 version in the past I
> run cron job daily and I was restarting apache from that same script if
> certificate was updated. With python3 version when I switched to it I
> followed somebody's HOWTO, and just added to /etc/periodic.conf:
>
> weekly_certbot_enable="YES"
> weekly_certbot_service="apache24"
>
> And was living happily ever since. However, one of the machines is about
> 4 days before expiration, Letsencrypt sent me notification: update cert.
> I checked, and crond is runnning, /etc/periodic.conf is as expected, and
> now, 4 days before expiration script (with --dry run flag) indeed goes
> about renewing the cert. There is one weekly cron jobs set that will
> happen before actual expiration of my certs, so I somehow think all is
> OK and my cert will be renewed.
>
> But I am just curios how many days before expiration certbot does renew
> certificate that will expire "soon".
>
>
> Or should I probably switch it over to daily cron job?
>
> As every lazy sysadmin, I do prefer to set things up so they definitely
> work without my attention. And I do not want to be reminded to do
> something it it will still happen on its own. So, switch to daily cron job?
>

You could use this: https://github.com/vbotka/ansible-leutils

<https://github.com/vbotka/ansible-leutils>I have been using it on my
systems for 4 years.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)