ansible-role-certbot
Why add cron if there's a systemd timer?
Hi, isn't the cron setup redundant?
Certbot installed a systemd timer that takes care of cert renewal:
# systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; preset: enabled)
Active: active (waiting) since Sun 2025-04-20 11:40:13 UTC; 23h ago
Trigger: Mon 2025-04-21 19:36:11 UTC; 8h left
Triggers: ● certbot.service
Apr 20 11:40:13 debian-bullseye-template systemd[1]: Started certbot.timer - Run certbot twice daily.
I think you can set certbot_auto_renew to disable the cron stuff. I don't know if every certbot installation method provides a systemd timer. Personally I prefer to use the systemd timer, too.
This unfortunately depends on the system. Example: Installing certbot from conda will not provide a systemd service.
Also, configuring renewal parameters would need an alternative solution if we do not use cron jobs...
Would it make sense to provide a systemd service + timer directly as part of this role?
I've accounted for that in my fork and disabled the built-in systemd timers if certbot_auto_renew: true is set and certbot is running on either Debian/Ubuntu or RHEL derivatives.
If more tweaks are needed - PRs welcome.
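To check a host for the overlap discussed in this thread, the following added example (not part of the thread, the role, or the fork) lists cron entries and enabled systemd timers that would both run certbot. The function names and the cron paths in the usage comment are assumptions; cron lines that test for `/run/systemd/system` (as Debian's packaged `/etc/cron.d/certbot` does) are reported as guarded because they do nothing while systemd is running.

```shell
#!/bin/sh
# Added example: find every scheduler that would run certbot on this host.

# Print uncommented cron lines that invoke certbot from the given files or
# directories, tagged "active" or "guarded" (guarded = skips itself when
# /run/systemd/system exists, i.e. when systemd is running).
certbot_cron_entries() {
    for cc_path in "$@"; do
        [ -e "$cc_path" ] || continue
        grep -rhE '^[^#]*certbot' "$cc_path" 2>/dev/null |
        while IFS= read -r cc_line; do
            case "$cc_line" in
                *"/run/systemd/system"*) printf 'guarded\t%s\n' "$cc_line" ;;
                *)                       printf 'active\t%s\n' "$cc_line" ;;
            esac
        done
    done
}

# Print enabled systemd timer units whose name mentions certbot
# (certbot.timer in the issue above; other packagings may name it differently).
certbot_timers() {
    command -v systemctl >/dev/null 2>&1 || return 0
    systemctl list-unit-files --type=timer --no-legend 2>/dev/null |
        awk '$1 ~ /certbot/ && $2 == "enabled" { print $1 }'
}

# Print a one-line summary; return 1 when an active cron entry and an
# enabled timer would both schedule renewals.
renewal_overlap() {
    ro_cron=$(certbot_cron_entries "$@" | grep -c '^active' || true)
    ro_timers=$(certbot_timers | grep -c . || true)
    echo "cron=$ro_cron timers=$ro_timers"
    [ "$ro_cron" -gt 0 ] && [ "$ro_timers" -gt 0 ] && return 1
    return 0
}

# Usage (paths are typical locations, adjust per distribution):
#   sh check.sh /etc/crontab /etc/cron.d /var/spool/cron
if [ "$#" -gt 0 ]; then
    renewal_overlap "$@" || echo "both cron and a systemd timer run certbot"
fi
```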