py37-certbot question

[Valeri Galtsev]

Dear Experts,

I hope, someone knows details of python3 based certbot. Namely, if run 
with "update" command, it updated certificates that will expire "soon". 
How soon, it doesn't say in man page, just soon. Does someone know how 
close to expiration cert should be to be considered by the script for 
renewal.

I use certbot since its python 2 version - for quite some time actually 
to renew LetsEncrypt certificates. With python2 version in the past I 
run cron job daily and I was restarting apache from that same script if 
certificate was updated. With python3 version when I switched to it I 
followed somebody's HOWTO, and just added to /etc/periodic.conf:

weekly_certbot_enable="YES"
weekly_certbot_service="apache24"

And was living happily ever since. However, one of the machines is about 
4 days before expiration, Letsencrypt sent me notification: update cert. 
I checked, and crond is runnning, /etc/periodic.conf is as expected, and 
now, 4 days before expiration script (with --dry run flag) indeed goes 
about renewing the cert. There is one weekly cron jobs set that will 
happen before actual expiration of my certs, so I somehow think all is 
OK and my cert will be renewed.

But I am just curios how many days before expiration certbot does renew 
certificate that will expire "soon".


Or should I probably switch it over to daily cron job?

As every lazy sysadmin, I do prefer to set things up so they definitely 
work without my attention. And I do not want to be reminded to do 
something it it will still happen on its own. So, switch to daily cron job?


Thanks.
Valeri

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++