Thanks @antony for the answer.
Yes, I know about port 80 and that only certificates that expire in 30 days are renewed.
journalctl -u certbot
Aug 29 05:18:08 pb systemd[1]: Starting certbot.service - Certbot...
Aug 29 05:18:09 pb systemd[1]: certbot.service: Deactivated successfully.
Aug 29 05:18:09 pb systemd[1]: Finished certbot.service - Certbot.
Aug 29 12:21:41 pb systemd[1]: Starting certbot.service - Certbot...
Aug 29 12:21:42 pb systemd[1]: certbot.service: Deactivated successfully.
Aug 29 12:21:42 pb systemd[1]: Finished certbot.service - Certbot.
less /var/log/letsencrypt/letsencrypt.log
2024-08-29 05:18:09,224:DEBUG:certbot._internal.main:certbot version: 2.1.0
2024-08-29 05:18:09,224:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-08-29 05:18:09,224:DEBUG:certbot._internal.main:Arguments: ['-q', '--no-random-sleep-on-renew']
2024-08-29 05:18:09,224:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-08-29 05:18:09,232:DEBUG:certbot._internal.log:Root logging level set at 40
2024-08-29 05:18:09,233:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/pb.mydomain.com.conf
2024-08-29 05:18:09,239:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f618afe9150> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f618afe9150>
2024-08-29 05:18:09,245:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): e6.o.lencr.org:80
2024-08-29 05:18:09,470:DEBUG:urllib3.connectionpool:http://e6.o.lencr.org:80 "POST / HTTP/1.1" 200 345
2024-08-29 05:18:09,471:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/pb.mydomain.com/cert1.pem is signed by the certificate's issuer.
2024-08-29 05:18:09,474:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/pb.mydomain.com/cert1.pem is: OCSPCertStatus.GOOD
2024-08-29 05:18:09,478:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2024-08-29 05:18:09,478:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2024-08-29 05:18:09,479:DEBUG:certbot._internal.plugins.selection:Selecting plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f618ddc2350>
2024-08-29 05:18:09,479:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-08-29 05:18:09,479:DEBUG:certbot._internal.display.obj:Notifying user: The following certificates are not due for renewal yet:
2024-08-29 05:18:09,479:DEBUG:certbot._internal.display.obj:Notifying user: /etc/letsencrypt/live/pb.mydomain.com/fullchain.pem expires on 2024-11-04 (skipped)
2024-08-29 05:18:09,479:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2024-08-29 05:18:09,479:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-08-29 05:18:09,479:DEBUG:certbot._internal.renewal:no renewal failures
2024-08-29 12:21:41,953:DEBUG:certbot._internal.main:certbot version: 2.1.0
2024-08-29 12:21:41,953:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-08-29 12:21:41,953:DEBUG:certbot._internal.main:Arguments: ['-q', '--no-random-sleep-on-renew']
2024-08-29 12:21:41,953:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-08-29 12:21:41,961:DEBUG:certbot._internal.log:Root logging level set at 40
2024-08-29 12:21:41,962:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/pb.mydomain.com.conf
2024-08-29 12:21:41,968:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x7f8205505190> and installer <certbot._internal.cli.cli_utils._Default object at 0x7f8205505190>
2024-08-29 12:21:41,974:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1):
2024-08-29 12:21:41,981:DEBUG:urllib3.connectionpool: "POST / HTTP/1.1" 200 345
2024-08-29 12:21:41,982:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/pb.mydomain.com/cert1.pem is signed by the certificate's issuer.
2024-08-29 12:21:41,984:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/pb.mydomain.com/cert1.pem is: OCSPCertStatus.GOOD
2024-08-29 12:21:41,988:DEBUG:certbot._internal.display.obj:Notifying user: Certificate not yet due for renewal
2024-08-29 12:21:41,989:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2024-08-29 12:21:41,989:DEBUG:certbot._internal.plugins.selection:Selecting plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f82081dcad0>
2024-08-29 12:21:41,989:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-08-29 12:21:41,989:DEBUG:certbot._internal.display.obj:Notifying user: The following certificates are not due for renewal yet:
2024-08-29 12:21:41,989:DEBUG:certbot._internal.display.obj:Notifying user: /etc/letsencrypt/live/pb.mydomain.com/fullchain.pem expires on 2024-11-04 (skipped)
2024-08-29 12:21:41,989:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2024-08-29 12:21:41,989:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-08-29 12:21:41,990:DEBUG:certbot._internal.renewal:no renewal failures
It is clear that the renovation is automated. I understand that it is done with another mechanism that is not cron. But I don’t know which one it is, because there is no crontab when I run this command:
for user in $(cut -f1 -d: /etc/passwd); do echo “Crontab for $user:”; sudo crontab -u $user -l 2>/dev/null; echo; done
I think it can be through the NginX plugin. But I don’t know for sure. Maybe someone can clarify.
Thank you very much!