0

I have installed certbot with the nginx module. Today I noticed that the cron that is installed automatically did not work. The cronjob in question is

/etc/cron.d/certbot

and the content was

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

I debugged the script

test -x /usr/bin/certbot
echo $?
0

test -x /usr/bin/certbot -a \! -d /run/systemd/system
echo $?
1

and looked at the man-page for test. \! does not seems to be a valid argument for the -a flag.

I was able to run the cronjob using

0 */12 * * * root test -x /usr/bin/certbot -a -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

My question is: what does the \! do and has it always been there?

I'm using

certbot 0.26.1
nginx version: nginx/1.14.0
Ubuntu 16.04.5
nwtnsqrd
  • 45
  • 1
  • 1
  • 5

2 Answers2

2

From man test:

EXPRESSION1 -a EXPRESSION2
both EXPRESSION1 and EXPRESSION2 are true

-a is a logical and

! negates the following expression, -d /run/systemd/system

So, this translates to:

IF /usr/bin/certbot exists and is executable AND NOT /run/systemd/system exists and is a directory.

The \ is just an escape so the crond doesn't interpret the ! directly.

As to why it is there ... you will have to ask the package maintainers. If this is reproducible it may be worthwhile to raise an issue in their bugtracker if the installation produces a nonworking result in your system.

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
  • Thank you for your explanation! I did more research and its not a bug - this cronjob is not supposed to be working on Ubuntu 16, there it is handled via systemd timer. See https://dev-notes.eu/2017/09/letencrypt-certbot-on-ubuntu-xenial-xerus/ – nwtnsqrd Aug 03 '18 at 13:05
1

That cron job is ridiculous. It does nothing but fail, precisely because it's installed on a systemd system. The logic is intended to not execute certbot when run on a systemd system, specifically when the directory /run/systemd/system exists.

It's not how you're supposed to run certbot renew on a systemd system. You're meant to use the systemd timer.

The cron job would make sense on an old Ubuntu system that used upstart instead of systemd. So it's not clear why Ubuntu package maintainers put it in the current package at all. It's not a standard part of certbot.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940