let’s encrypt: https_proxy systemd

On a Debian Stretch system at work, certbot was working but automatic renewals were not. The system is behind a proxy server and the https_proxy environment variable was not being set when certbot ran unattended.

I wasted several hours tinkering with /etc/cron.d/certbot before I realized that

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

was preventing certbot from running if systemd was running.

Edit /lib/systemd/system/certbot.service Add to the [Service] section:

Environment="https_proxy=https://my_proxy_server:port" "http_proxy=http://my_proxy_server:port"

systemctl daemon-reload

So that the file is actually read.

Docs on this file at man systemd.exec search Environment=

2 Replies to “let’s encrypt: https_proxy systemd”

Leave a Reply

Your email address will not be published. Required fields are marked *