Cron job configuration error, unclear what is wrong

I’ve configured a Leap 15.3 server and I want to run cert-bot daily to auto renew installed certificates. Following the SDB article: https://en.opensuse.org/SDB:Cron I have created a cron file to execute cert-bot, however I receive e-mail that there is an error with my script:


running daily cronjob scripts

SCRIPT: cert-bot exited with RETURNCODE = 127.
SCRIPT: output (stdout && stderr) follows

/etc/cron.daily/cert-bot: line 1: 01: command not found
SCRIPT: cert-bot
------- END OF OUTPUT

But based upon the SDB article I don’t see what is wrong with my cron task:

sudo cat /etc/cron.daily/cert-bot  
[sudo] password for root:  
01 3,15 * * * root /usr/bin/certbot renew --post-hook "systemctl restart apache2.service"

Does somebody have some pointers as to what I’m doing wrong?

Hi
Not really sure of the issue, cron is dead :wink: Look at a systemd timer and service, for example https://k4yt3x.com/automatically-renew-certbot-certificates-with-systemd-timers/

The other issue you have is only a few weeks left before Leap 15.3 goes E.o.L, look at upgrading to Leap 15.4…

Scripts in /etc/cron.daily are exactly that - scripts. They are not crontabs. Nor does article you mention recommends creating crontabs in these directories.

I am not sure, but you should not enter a crontab entry in /etc/cron.daily (and the like), because those time indications are not needed. It is already run once a day.
A crontab entry (with the time/frequency specification) shoul go in a crontab. For root that is, as root do:

crontab -e

And while it might be true that systemd is now handling this, IMHO it will process crontabs as always for years and years to come.

Well, @avidjaar was first, but that is indeed the message.

When you prefer to do this with a script in cron.daily, then make it a script:

#!/usr/bin//bin/bash
/usr/bin/certbot renew --post-hook "systemctl restart apache2.service"

Aha. Thanks. I have changed it into a script in the cron.daily directory.
Probably Systemd is the way forward, but that involves way too many lines, where as I’m now done with 2 lines and putting it in the right directory. :slight_smile:

Thanks for the input!

You could always try this package: “certbot-systemd-timer-0.0-bp153.1.15.noarch.rpm”

(http://download.opensuse.org/distribution/leap/15.3/repo/oss/noarch/)

Looks like all the leg-work has been done for you :wink:

From the package “README”

*# Automated renewal of certificates
*
*This package includes an optional systemd timer to handle certbot certificate renewals.

This timer is set to run daily, with a random fudge factor of a 6 hours applied.

To enable the timer based renewals:

systemctl enable --now certbot-renew.timer

The timer makes use of /etc/sysconfig/certbot to customise the behaviour.

Unless there is a plugin that automates restarts (eg the apache plugin) it is
important to configure a command to restart anything that uses the certificates
*