I've installed certbot on an Ubuntu 16.04 host using the PPA.
I can see that the certbot timer is configured to run and that it's running:
jaraco@punisher:~$ sudo systemctl status certbot
● certbot.service - Certbot
Loaded: loaded (/lib/systemd/system/certbot.service; static; vendor preset: enabled)
Active: inactive (dead) since Wed 2018-12-26 01:02:41 UTC; 15h ago
Docs: file:///usr/share/doc/python-certbot-doc/html/index.html
https://letsencrypt.readthedocs.io/en/latest/
Process: 18502 ExecStart=/usr/bin/certbot -q renew (code=exited, status=0/SUCCESS)
Main PID: 18502 (code=exited, status=0/SUCCESS)
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
jaraco@punisher:~$ cat /lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true
Yet, today I noticed that one of the sites managed by certbot had an expired certificate (24 Dec).
I ran sudo certbot renew and the certificate renewed properly.
So what is wrong? Why would the timer run successfully but fail to renew an expiring (or expired) certificate when running the command manually works just fine?
