I saw that this morning I had a problem with the certificate, it was expired, so I run again “ansible-playbook server.yml -e env=production --tags letsencrypt” and it is all ok now.
I would like to know how works the automatic renewal cron-job, the documentation says:
There is one main difference between LE and other certificate authorities: their certificates expire every 90 days . Trellis automates by running a cron-job so you never have to manually renew them or worry about them expiring like a paid certificate.
I had the feeling that this cron-job was already automatically configured in Trellis, but now I am wondering if I need to set up the cron-job somewhere in the settings?
I am on DO droplet and my trellis version is not very old (july 2018), do you have any idea why the cron-job have failed?
What I can do to check if the cron-job is correctly in place?
is there any test that I can run just to be sure that the cron-job will work the next time (90 days from today)?
I tried to run cd /var/lib/letsencrypt && ./renew-certs.py && /usr/sbin/service nginx reload
but i received this error -bash: cd: /var/lib/letsencrypt: Permission denied
I tried with the admin user and with the web user, but with the same result.
I checked the /var/log/syslog with this command (sudo grep cron /var/log/syslog), this is what I can see:
Aug 20 15:15:01 xxxxx-production CRON: (web) CMD (cd /srv/www/xxxxx.co.uk/current && wp cron event run --due-now > /dev/null 2>&1)
Aug 20 15:17:01 xxxxx-production cron: Authentication token is no longer valid; new one required
another test that I did, it was to check (via SFTP) the Chmod permissions of the /var/lib/letsencrypt folder.
the Chmod permission is 700, owner and group are root.
is this right?
what else I can try to do? any other ideas?