On a Debian Stretch system at work, certbot was working but automatic renewals were not. The system is behind a proxy server and the
https_proxy environment variable was not being set when certbot ran unattended.
I wasted several hours tinkering with
/etc/cron.d/certbot before I realized that
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
was preventing certbot from running if systemd was running.
/lib/systemd/system/certbot.service Add to the
So that the file is actually read.
Docs on this file at
man systemd.exec search
2 Replies to “let’s encrypt: https_proxy systemd”
Don’t add directly into service file. Override it via systemctl edit certbot.service
I no longer have access to this environment, so cannot test.
As far as I can tell, this suggestion is correct: changes will not be overwritten if made in this way.
See https://www.linode.com/docs/guides/introduction-to-systemctl/#editing-a-unit-file for details.
Thanks very much for this suggestion.