Renewing Let's Encrypt certificates using a systemd timer
- 
 Create a service unit file in /etc/systemd/system/certbot-renewal.service[Unit] Description=Certbot Renewal [Service] ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart httpd"Create the timer unit file /etc/systemd/system/certbot-renewal.timer[Unit] Description=Timer for Certbot Renewal [Timer] OnCalendar=*-*-* 01,13:00:00 RandomizedDelaySec=3600 Unit=certbot-renewal.service [Install] WantedBy=multi-user.targetstart the timer 
 systemctl start certbot-renewal.timerenable to start the timer on boot 
 sudo systemctl enable certbot-renewal.timerstatus 
 systemctl status certbot-renewal.timerjournal 
 journalctl -u certbot-renewal.service*Included JB's timer. 
- 
 Reserved 
- 
 Any benefit to doing it this way vs standard cron? 
- 
 @nashbrydges said in Renewing Let's Encrypt certificates using a systemd timer: Any benefit to doing it this way vs standard cron? Because system D is the standard now 
- 
 @jaredbusch Thanks 
- 
 @nashbrydges said in Renewing Let's Encrypt certificates using a systemd timer: Any benefit to doing it this way vs standard cron? systemd timers are systemd services with all their capabilities for resource management, which is great. You can create dependencies on activation time. systemctl enable/disableworks with it if you just want to stop it and check what is going on. Actual easily readable logging. Bunch of stuffCron benefits are that it's a single line and I don't think systemd can do something like MAILTO on a failure. 
- 
 @nashbrydges said in Renewing Let's Encrypt certificates using a systemd timer: @jaredbusch Thanks Also if you install Fedora Server 28 as a minimal base environment, cronie isn't even installed. 
- 
 @black3dynamite said in Renewing Let's Encrypt certificates using a systemd timer: @nashbrydges said in Renewing Let's Encrypt certificates using a systemd timer: @jaredbusch Thanks Also if you install Fedora Server 28 as a minimal base environment, cronie isn't even installed. Didn't know that but it makes sense. 
- 
 @wirestyle22 said in Renewing Let's Encrypt certificates using a systemd timer: sudo systemctl enable certbot-renewal.timer As I did this again today, I thought I would post my quick tweak to this because I do not like the idea of it running hourly. I set mine to run twice a day with a 1 hour randomizer. [Timer] OnCalendar=*-*-* 01,13:00:00 RandomizedDelaySec=3600 Unit=certbot-renewal.service 



