
Let's Encrypt stopped renewing automatically

Posted at 2020-07-03

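Background

In my previous article, "Updated Let's Encrypt to ACME v2 on CentOS 7.4", I got as far as updating to ACME v2, which was fine, but then a warning email arrived telling me the certificate had not been renewed!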

Your certificate (or certificates) for the names listed below will expire in 20 days (on 22 Jul 20 05:49 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

If I remember correctly, two years ago I put the following settings in crontab, but apparently that is no longer enough.

# crontab -u root -e
MAILTO=""
1 4 * * * certbot renew --quiet
1 5 * * * certbot renew --quiet

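Stopgap fix

I searched the net for articles on automatic renewal but could not make sense of them, so for the time being I renewed manually as follows.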

# ./certbot-auto certonly -d <ドメイン>
./certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
Upgrading certbot-auto 1.3.0 to 1.5.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ドメイン
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ドメイン/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ドメイン/privkey.pem
   Your cert will expire on 2020-09-30. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

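Done manually, the expiry date was extended! All's well that ends well.

Permanent fix

I would like to set up automatic renewal, but I have not found a way to do it yet.
Maybe I should run something like certbot-auto renew? I will try it when I have time.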
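
The crontab above runs the renewal with --quiet and MAILTO="", so whatever made it stop working produced no signal on the host until the CA's expiry email arrived. The script below is an added example, not part of the original article: a check that reads the certificate's notAfter date independently of the renewal job and returns a non-zero status when too few days remain. The script name, the 25-day default threshold and the sample dates in the comments are assumptions; it needs GNU date and openssl.

```bash
#!/bin/bash
# Added example: independent expiry check for a certbot-managed certificate.
# Requires GNU date and openssl.

# days_left NOT_AFTER [NOW] -> whole days from NOW until NOT_AFTER.
# NOT_AFTER is the date printed by `openssl x509 -enddate`,
# e.g. "Jul 22 05:49:00 2020 GMT". NOW defaults to the current time.
days_left() {
    local end now
    [ -n "$1" ] || return 2            # empty input would parse as "today"
    end=$(date -u -d "$1" +%s) || return 2
    now=$(date -u -d "${2:-now}" +%s) || return 2
    echo $(( (end - now) / 86400 ))
}

# cert_not_after PEM_FILE -> notAfter date of the first certificate in the file.
cert_not_after() {
    openssl x509 -enddate -noout -in "$1" | cut -d= -f2
}

# check_expiry NOT_AFTER THRESHOLD_DAYS [NOW]
# Returns 0 if at least THRESHOLD_DAYS remain, 1 if fewer, 2 if unparsable.
check_expiry() {
    local left
    left=$(days_left "$1" "${3:-now}") || {
        echo "UNKNOWN: cannot read expiry date '$1'"
        return 2
    }
    if [ "$left" -lt "$2" ]; then
        echo "WARN: certificate expires in $left days (threshold $2)"
        return 1
    fi
    echo "OK: certificate expires in $left days"
}

# Usage: check-cert-expiry.sh PEM_FILE [THRESHOLD_DAYS]
# (script name and the default threshold of 25 days are assumptions)
if [ -n "${1:-}" ]; then
    check_expiry "$(cert_not_after "$1")" "${2:-25}"
    exit $?
fi
```

Pass it the fullchain.pem path shown in the certbot output above. Because it does not depend on the renewal job succeeding, its exit status can be wired into whatever alerting the host already has.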
