change letsencrypt certbot run time

Question

I have setup certbot for letsencrypt key renewal. This works.

When i check my logs at /etc/log/letsencrypt i see it runs twice a day. Somewhere around midnight and somewhere around noon.

I would like to run it only once a day somewhere in the early morning.

To get control over the running of certbot i removed all entries from my cronjobs. But unexpectedly it still runs.

So how is certbot started?

Extra info:

when i run a script to show all cronjobs i get this: (script: How do I list all cron jobs for all users? )

mi  h    d  m  w  user  command
0   3    *  *  1  root  /usr/bin/rsnapshot weekly
0   */4  *  *  *  root  /usr/bin/rsnapshot hourly
16  10   *  *  *  root  test -x /etc/cron.daily/popularity-contest && /etc/cron.daily/popularity-contest --crond
25  6    *  *  *  root  /etc/cron.daily/apache2
25  6    *  *  *  root  /etc/cron.daily/apt-compat
25  6    *  *  *  root  /etc/cron.daily/aptitude
25  6    *  *  *  root  /etc/cron.daily/automysqlbackup
25  6    *  *  *  root  /etc/cron.daily/bsdmainutils
25  6    *  *  *  root  /etc/cron.daily/dpkg
25  6    *  *  *  root  /etc/cron.daily/exim4-base
25  6    *  *  *  root  /etc/cron.daily/logrotate
25  6    *  *  *  root  /etc/cron.daily/man-db
25  6    *  *  *  root  /etc/cron.daily/mlocate
25  6    *  *  *  root  /etc/cron.daily/ntp
25  6    *  *  *  root  /etc/cron.daily/passwd
25  6    *  *  *  root  /etc/cron.daily/popularity-contest
25  6    *  *  *  root  /etc/cron.daily/tomcat8
30  2    1  *  *  root  /usr/bin/rsnapshot monthly
30  3    *  *  *  root  /usr/bin/rsnapshot daily
47  6    *  *  7  root  /etc/cron.weekly/man-db

the file from certbot i found was certbot in /etc/cron.d

it contained this line:

#0 4 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

which i commented out (with the #).

my system is debian:

Debian GNU/Linux 9

Ion Vladescu · Answer 1 · 2018-07-07T18:31:58.470

I use certbot with Ubuntu 16.04 + nginx There are two places to check jobs related to Certbot

1) /etc/cron.d/certbot

here you have

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew && nginx -s reload

2) systemd timer

run commnad: $sudo systemctl list-timers

and see output

Sun 2018-07-08 00:46:59 EEST 7h left Sat 2018-07-07 12:36:26 EEST 4h 51min ago certbot.timer certbot.service

then

3)

go to check file that control time when systemctl run Certbot

/etc/systemd/system/timers.target.wants/certbot.timer

that is symbolic link for

/lib/systemd/system/certbot.timer

Pay attention to this lines that define times + random seconds (set a random time for purpose to don't stress simultaneously letsencrypt servers)

OnCalendar=--* 00,12:00:00

RandomizedDelaySec=3600

change letsencrypt certbot run time

1 Answers1