How do I schedule the Let's Encrypt certbot to automatically renew my certificate in cron? - cron

I've seen conflicting recommendations. From the eff.org docs:
if you're setting up a cron or systemd job, we recommend running it twice per day... Please select a random minute within the hour for your renewal tasks.
I've also seen recommendations for weekly jobs.
I'm not a cron expert, so I'd prefer an answer with detailed steps for setting up the cron job.

I recently (April 2018) installed and ran certbot (version 0.22.2) on an Ubuntu 16.04 server, and a renewal cron job was created automatically in /etc/cron.d/certbot.
Here's the cron job that was created:
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc. Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
Please check this before putting a new Cron job.
Update (From @Hamish Downer's comment):
It's worth being aware that the above cron job won't run certbot renew if /run/systemd/system is present - this is because instead a systemd timer is running certbot - read more about certbot and systemd timers here.

So I settled on scheduling it to run once a day. First I tested auto-renew as the docs recommend:
sudo letsencrypt renew --dry-run --agree-tos
Then I updated the crontab:
sudo crontab -e
This is the line I added:
12 3 * * * letsencrypt renew >> /var/log/letsencrypt/renew.log
This runs the renew every day at 3:12 am. I presume the docs recommend "a random minute within the hour" to distribute the load on the renew servers. So I suppose anything other than 0, 15, 30, or 45 is preferred.
I looked into randomizing the minute in the cron setting, like Jenkins allows you to do.
On the original EFF page is this example:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew
Finally, I tested the cron command using sudo bash:
sudo bash -c "letsencrypt renew >> /var/log/letsencrypt/renew.log"

In Debian Jessie and up (incl. Ubuntu) cron is not executed for Certbot renewal.
Instead the systemd timer is used. See timer: /lib/systemd/system/certbot.timer
This timer runs the following service: /lib/systemd/system/certbot.service
Which contains:
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true
In order to list all the timers, execute the following command in the terminal:
systemctl list-timers
Hopefully Certbot is part of this:
Mon 2019-02-04 08:38:45 CET  9h left  Sun 2019-02-03 15:25:41 CET  8h ago  certbot.timer  certbot.service
UPDATE:
Due to the down votes, I'll add how to install Certbot on a Debian-based distro (it may vary depending on your Linux distribution).
But within Debian Stretch for example you can install the back-port package of certbot via:
sudo apt-get install certbot -t stretch-backports
This will install the files I showed above for you automatically! And thus automatically schedule a certbot timer for you, which runs the service, which runs again the renew.
Manually running a renew is always possible via:
sudo /usr/bin/certbot renew
Can be forced via --force-renewal flag. For more info see the help text of renew:
/usr/bin/certbot --help renew
Files part of the certbot package (incl. but not limited by):
dpkg-query -L certbot
...
/lib/systemd/system/certbot.service
/lib/systemd/system/certbot.timer
...

Ok. So being on Debian (or Ubuntu) with systemd I had probably the same problem like others - cron job not firing. I needed to make some extra steps and observations not mentioned elsewhere, so making separate answer for it.
In my case the /etc/systemd/system/ directory exists, so the job in /etc/cron.d/certbot stops at the initial test.
BUT the /etc/systemd/system/certbot.timer was a pointer to /dev/null. That means it is a masked timer. When I did systemctl unmask certbot.timer the link was removed, but I had nothing to replace it with (tried locate certbot.timer but none was installed on my system). I could also still see the timer in systemctl list-timers --all, but it was an empty file so removed that too using systemctl disable certbot.timer. The service in /etc/systemd/system/certbot.service was completely absent.
So after actually cleaning all the certbot-related stuff from /etc/systemd/system/ I created the necessary files manually.
# /etc/systemd/system/certbot-renewal.service
[Unit]
Description=Certbot Renewal
[Service]
ExecStart=/usr/local/bin/certbot -q renew --post-hook "systemctl reload nginx"
# /etc/systemd/system/certbot-renewal.timer
[Unit]
Description=Run certbot twice daily
[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true
[Install]
WantedBy=timers.target
The timer file content comes from this answer.
I started and checked the whole thing by running:
sudo systemctl start certbot-renewal.timer
sudo systemctl enable certbot-renewal.timer
sudo systemctl list-timers --all
sudo journalctl -u certbot-renewal.service
Few more notes:
I have certbot in /usr/local/bin/certbot instead of /usr/bin/certbot (figured using which certbot), don't know why.
I'm using nginx, so need to reload it in the post-hook to take the renewed certs into account.
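
The answers above describe three ways renewal can silently not be scheduled: the packaged cron job skips itself when /run/systemd/system exists, the timer can be masked (a symlink to /dev/null), or the timer can be installed but never enabled. The following check is an added example, not code from any of the answers or from certbot; the function name and its ROOT and TIMER arguments are assumptions made so the check can also be run against a test directory tree.

```shell
#!/bin/sh
# Added example: classify how "certbot renew" is scheduled on a host.
# ROOT and TIMER are assumptions of this sketch, not certbot options.

# renewal_mechanism [ROOT] [TIMER] prints one of:
#   systemd-timer | timer-masked | timer-disabled | cron | none
renewal_mechanism() {
    root="${1:-}"
    timer="${2:-certbot.timer}"
    cron_file="$root/etc/cron.d/certbot"
    has_systemd=no
    # The packaged cron job tests this same directory and skips itself if present.
    [ -d "$root/run/systemd/system" ] && has_systemd=yes

    if [ "$has_systemd" = yes ]; then
        # /etc takes precedence over /lib and /usr/lib, as in systemd itself.
        for dir in etc/systemd/system lib/systemd/system usr/lib/systemd/system; do
            unit="$root/$dir/$timer"
            # A masked unit is a symlink to /dev/null.
            if [ -L "$unit" ] && [ "$(readlink "$unit")" = /dev/null ]; then
                echo timer-masked; return 0
            fi
            if [ -s "$unit" ]; then
                # "systemctl enable" creates this symlink for WantedBy=timers.target.
                if [ -L "$root/etc/systemd/system/timers.target.wants/$timer" ]; then
                    echo systemd-timer
                else
                    echo timer-disabled
                fi
                return 0
            fi
        done
    fi

    # Cron only counts if a non-comment line runs "certbot ... renew" and,
    # under systemd, that line does not carry the /run/systemd/system guard.
    if [ -f "$cron_file" ]; then
        line=$(grep -E '^[^#]*certbot.*renew' "$cron_file" | head -n 1)
        if [ -n "$line" ]; then
            case "$has_systemd:$line" in
                yes:*/run/systemd/system*) ;;
                *) echo cron; return 0 ;;
            esac
        fi
    fi
    echo none
}
```

On a live system, call it with an empty ROOT, for example `renewal_mechanism "" certbot-renewal.timer` for the manually created timer above; any result other than systemd-timer or cron means nothing is scheduled to renew the certificate.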

Normally while you run a certbot for any webserver in an Ubuntu 16.04 server it automatically creates a cron
#cat /etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

Adding the following line to /etc/crontab runs renewal attempt daily on a random minute between 00:00 and approximately 16:40:
1 1 * * * root sleep ${RANDOM:0:3}m && /home/admin/certbot-auto renew --quiet --no-self-upgrade --authenticator webroot --installer apache -w /var/www/mywebroot
Works great for more than a year now.
The renew command itself may vary for you - I used webroot as it seemed most robust at that time.

To renew every 2 months:
#nano /etc/cron.d/certbot
30 03 01 */2 * root echo "2" | certbot --nginx -v -d yourdomain.com

To keep simple set a timer to validate automatically:
systemctl status certbot.timer

Related

run python telegram bot after reboot and if it's crashes on AWS EC2

I created a telegram bot using pyrogram and it crashes after few hours. Sometimes I stop the EC2 myself to reduce the cost. I created these cron jobs inside /etc/crontab but it seems they are not working as expected.
Cronjob 1 is to run the python file after EC2 reboot.
Cronjob 2 is to restart the bot if it got crashed.
Here is my crontab content.
@reboot sudo pgrep -f bot.py || sudo nohup /usr/bin/python3 /home/ubuntu/bot.py & > /home/ubuntu/startOnReboot.log
*/2 * * * * sudo pgrep -f bot.py || sudo nohup /usr/bin/python3 /home/ubuntu/bot.py & > /home/ubuntu/restartBotAfterCrash.log
I would like to know whether my cronjob is not correct or any solution better than this approach.
You shouldn't use sudo in the cronjob, use sudo crontab -e instead to have it run as root.
Furthermore, & > is different from &> - did you mean to redirect all output to the specified file or run the cronjob in the background and redirect stdout? If it's the latter, you don't need to tell cron to run it as a background job and the redirection should come before the ampersand (which you should drop anyway).
Last, you probably want to use a systemd service for this instead.

Setting up a cronjob on Google Compute Engine

I am new to setting up cronjobs and I'm trying to do it on a virtual machine in google compute engine. After a bit of research, I found this StackOverflow question: Running Python script at Regular intervals using Cron in Virtual Machine (Google Cloud Platform)
As per the answer, I managed to enter the crontab -e edit mode and set up a test cronjob like 10 8 * * * /usr/bin/python /scripts/kite-data-pull/dataPull.py. I also checked the system time, which was in UTC, and entered the time according to that.
The step I'm supposed to take, as per the answer, is to run sudo systemctl restart cron which is throwing an error for me:
sudo systemctl restart cron
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
Any suggestions on what I can do to set up this cronjob correctly?
Edit the cron jobs with crontab -e and insert a line:
* * * * * echo test123 > /your_homedir_path/file.log
That will write test123 every minute into file.log file.
Then do tail if and wait a couple minutes. You should see test123 lines appearing in the file (and screen).
If it runs try running your python file but first make your .py file executable with "chmod +x script.py"
Here you can find my reply to similar question.

Cron job backup remote folder to local folder with wget over ftp

Hi everyone, I could do with some advice.
I cannot get this simple task working:
0 17 * * * wget -m ftp://usarname:password@host.com:port/remote/folder -P /local/folder
What am I doing wrong?
If I run it in a terminal:
wget -m ftp://usarname:password@host.com:port/remote/folder -P /local/folder
it works as expected, but if I add it under crontab -e nothing happens.
I would like cron job to check files every day at 17:00 for changes.
thanks in advance
Forgot to restart cron service. Now just need to make it all end to end encrypted.
if you make any changes to services do not forget to restart them :)
restart cron

Crontab does not run on CentOS 7

I'm using CentOS 7, and installed "cronie"
yum install cronie
I have a shell to backup my home folder, shell's content (of course, backup.sh is 775)
#!/bin/bash
#START
TIME=`date +%Y-%m-%d_%Hh%M`
FILENAME=backupHome_123.30.150.29_$TIME.tar.gz
SRCDIR=/home
DESDIR=/backup
tar -cpvzf $DESDIR/$FILENAME $SRCDIR
#END
And add to crontab -e
00 2 * * * /bin/bash /backup/backup.sh
But crontab does nothing. When I check the log at /var/log/cron, there is only something like this, with no error or processing log:
May 1 00:26:08 app crontab[12041]: (root) END EDIT (root)
May 1 00:33:21 app crontab[12086]: (root) BEGIN EDIT (root)
May 1 00:34:25 app crontab[12086]: (root) END EDIT (root)
Can anyone give me some advice to make crontab work?
Thank you.
I found that the most useful information was actually given by
systemctl status crond
Which revealed that it failed to load correctly due to an "Unauthorized SELinux context" error.
This can happen if cron daemon isn't running.
Check it with:
pgrep cron
If command returns nothing, run:
systemctl restart crond
This should help.
You want to make sure cron is started & that it is started if your server reboots so you need two commands on CentOS 7 to make sure of this:
systemctl enable crond && systemctl restart crond
If you are used to using sudo, you can add sudo in front of the above commands, like this:
sudo systemctl enable crond && sudo systemctl restart crond
YOU WILL get confirmation from system, something like:
Created symlink from /etc/systemd/system/multi-user.target.wants/crond.service to /usr/lib/systemd/system/crond.service.
Then lastly check cron is running
pgrep cron
I know that I'm late to answer you, but maybe someone will have this kind of problem. It is possible that CRON can't run the script because the path is not correct.
Your path is
00 2 * * * /bin/bash /backup/backup.sh
I guess that path should be:
00 2 * * * sh /bin/bash/backup/backup.sh
Only difference is space after bash directory and sh command at the start of CRON job.
You have to add username before your command like this for example :
1 * * * * root or username /usr/bin/php /var/www/html/yourwebsite/yourscript.php

How to setup cron job on Amazon Linux AMI

I am hosting Tiny Tiny RSS site hosted on
Amazon Linux AMI
To update the feed automatically I have to run the following Cron job.
Reference
http://tt-rss.org/redmine/projects/tt-rss/wiki/UpdatingFeeds
*/30 * * * * /usr/bin/php /var/www/html/tt-rss/update.php --feeds --quiet
Here is the step I did:
sudo su
cd /etc
crontab -e
# add this line
*/30 * * * * /usr/bin/php /var/www/html/tt-rss/update.php --feeds --quiet
But I still got the message "Update Daemon is not running".
May I know, is this correct step for Cron job?
You should enter these commands on Amazon Linux 2:
sudo systemctl start crond
sudo systemctl enable crond
This sounds like crond is not running. In which case:
service crond start
chkconfig crond on
You should first inspect the cron log file /var/log/cron and look for any errors. This will probably give you the answer. Also make sure you can run the command successfully on the command line (/usr/bin/php /var/www/html/tt-rss/update.php --feeds --quiet).
Please check the spaces, it could be because of spaces are not placed correctly
Simply do : * * * * * wget -o - -q -t 1 "your url with cron file"
Please remove the "--quiet" part from your cron command and check the log and feed again
