On a Debian Stretch system at work, certbot was working but automatic renewals were not. The system is behind a proxy server and the
https_proxy environment variable was not being set when certbot ran unattended.
I wasted several hours tinkering with
/etc/cron.d/certbot before I realized that
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
was preventing certbot from running if systemd was running.
/lib/systemd/system/certbot.service Add to the
So that the file is actually read.
Docs on this file at
man systemd.exec search