autorenew is not working about certbot HOT 7 OPEN

but there is no background job running

What exactly do you mean by this? How/where did you check?

from certbot.

but there is no background job running

What exactly do you mean by this? How/where did you check?

nothing happened:

• still the old certs in /etc/letsencrypt/live
• no new entry in /var/log/letsencrypt

also i'm not sure how the task is triggered, but there is neither a cronjob nor a systemd-timer.

from certbot.

I don't fully understand why you would see that message. It would only show if the --preconfigured-renewal option was used, which is a packager use only option (i.e., not to be used by users on the command line, but by the packager of an OS package).

If I take a look at the contents of the OL8 EPEL Certbot 1.22.0-1 RPM, I do not see such option actually being used anywhere.

That said, I also can't find that option in the Debian .deb package of which I know it does install a systemd timer.. 🤔 So maybe I'm not searching good enough.

Anyway, Certbot itself (the Python application) does not automatically insert cronjobs or systemd timers and relies on the --preconfigured-renewal option to show you that message, which is added by packagers. The recommended method of installing Certbot using snap however does install a (indirect I believe) systemd timer. For OS packages it's left to the packager of that package to add a systemd timer or cronjob.

So while I don't fully understand the OL8 EPEL package, I don't believe this is actually a Certbot issue.

from certbot.

I don't fully understand why you would see that message. It would only show if the --preconfigured-renewal option was used, which is a packager use only option (i.e., not to be used by users on the command line, but by the packager of an OS package).

Well, I see the message.

So while I don't fully understand the OL8 EPEL package, I don't believe this is actually a Certbot issue.

At least certbot shows the wrong message.

Anyway, Certbot itself (the Python application) does not automatically insert cronjobs or systemd timers and relies on the --preconfigured-renewal option to show you that message, which is added by packagers. The recommended method of installing Certbot using snap however does install a (indirect I believe) systemd timer. For OS packages it's left to the packager of that package to add a systemd timer or cronjob.

I never understood why snap is the recommended method. Does anybody really like snap?

Back to topic: For now I will set up a systemd timer or a cronjob manually in future. But maybe someone finds out what is really going wrong here. Either Oracle Linux (or RHEL) made a mistake in the EPEL Repo or I missed something...

from certbot.

At least certbot shows the wrong message.

No, Certbot shows a message as instructed by the --preconfigured-renewal option. Of course I cannot exclude a bug with the limited information provided, but I highly doubt it. If you would have shown a log as requested by the initial questionnaire when you opened this issue (which you have deleted), we could investigate further.

But maybe someone finds out what is really going wrong here. Either Oracle Linux (or RHEL) made a mistake in the EPEL Repo or I missed something...

You might want to reach out to the OL8 EPEL packager.

from certbot.

No, Certbot shows a message as instructed by the --preconfigured-renewal option.

You are right. What I meant was that this message made me think, certbot creates the timer.

Of course I cannot exclude a bug with the limited information provided, but I highly doubt it. If you would have shown a log as requested by the initial questionnaire when you opened this issue (which you have deleted), we could investigate further.

Sorry for the few information. This issue is reproducable on a fresh OL8 with only certbot and httpd or nginx installed.
I have checked all logfiles. After creating the certificates no new entry was appended and while creating no error occoured. But I will check the logs again and provide them here soon.

While answering I had another idea: Maybe SELinux caused that the systemd-timer was not created. I'll check this also...

You might want to reach out to the OL8 EPEL packager.

That will be the next step ;)

from certbot.

Actually there is a certbot-renew.timer in /usr/lib/systemd/system, which is just not enabled. Running systemctl enable --now certbot-renew.timer makes it work as expected. Same issue on Rocky Linux (did not check other RHEL Clones yet)

from certbot.