How do I schedule the Let's Encrypt certbot to automatically renew my certificate in cron?

I recently (April 2018) installed and ran certbot (version 0.22.2) on an Ubuntu 16.04 server, and a renewal cron job was created automatically in /etc/cron.d/certbot.

Here's the cron job that was created:

# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

Please check for this before adding a new cron job.


So I settled on scheduling it to run once a day. First I tested auto-renew as the docs recommend:

sudo letsencrypt renew --dry-run --agree-tos

Then I updated the crontab:

sudo crontab -e

This is the line I added:

12 3 * * *   letsencrypt renew >> /var/log/letsencrypt/renew.log

This runs the renew every day at 3:12 am. I presume the docs recommend "a random minute within the hour" to distribute the load on the renew servers. So I suppose anything other than 0, 15, 30, or 45 is preferred.

I looked into randomizing the minute in the cron setting, like Jenkins allows you to do. On the original EFF page is this example:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew

Finally, I tested the cron command using sudo bash:

sudo bash -c "letsencrypt renew >> /var/log/letsencrypt/renew.log"

In Debian Jessie and up (incl. Ubuntu) cron is not executed for Certbot renewal. Instead the systemd timer is used. See timer: /lib/systemd/system/certbot.timer

This timer runs the following service: /lib/systemd/system/certbot.service

Which contains:

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

In order to list all the timers, execute the following command in the terminal:

systemctl list-timers

Hopefully Certbot is part of this:

Mon 2019-02-04 08:38:45 CET 9h left Sun 2019-02-03 15:25:41 CET 8h ago certbot.timer certbot.service

UPDATE:

Due to the downvotes, I'll add how to install Certbot on a Debian-based distro (it may vary depending on your Linux distribution).

But within Debian Stretch for example you can install the back-port package of certbot via:

sudo apt-get install certbot -t stretch-backports

This will install the files I showed above for you automatically! And thus automatically schedule a certbot timer for you, which runs the service, which in turn runs the renew.

Manually running a renew is always possible via:

sudo /usr/bin/certbot renew

It can be forced via the --force-renewal flag. For more info see the help text of renew:

/usr/bin/certbot --help renew

Files that are part of the certbot package (including but not limited to):

dpkg-query -L certbot
...
/lib/systemd/system/certbot.service
/lib/systemd/system/certbot.timer
...
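
The answers above describe two packaged schedulers, and the cron entry's guard (test -x /usr/bin/certbot -a \! -d /run/systemd/system) makes it a no-op on a systemd host. The following is an added example, not part of the certbot package or of any answer here, that applies the same guard to report which scheduler will actually run the renewal; the function name and the optional root-prefix argument are assumptions made so it can be run against a test tree.

```shell
#!/bin/sh
# Added example: which packaged scheduler will actually run "certbot renew"?
# Mirrors the guard in /etc/cron.d/certbot:
#   test -x /usr/bin/certbot -a \! -d /run/systemd/system
# $1 is a hypothetical root prefix (empty = live system) for testing.
# It does not inspect per-user crontabs such as one edited with "crontab -e".

renewal_scheduler() {
    root="${1:-}"
    certbot="$root/usr/bin/certbot"
    cronfile="$root/etc/cron.d/certbot"
    timer="$root/lib/systemd/system/certbot.timer"
    systemd_dir="$root/run/systemd/system"

    if [ ! -x "$certbot" ]; then
        echo "none: certbot not installed"
        return 1
    fi

    if [ -d "$systemd_dir" ]; then
        # systemd is running: the cron guard fails, so the cron line does nothing.
        if [ -f "$timer" ]; then
            echo "systemd-timer"
            return 0
        fi
        echo "none: systemd host without certbot.timer"
        return 1
    fi

    # No systemd: renewal depends on an active (uncommented) cron entry.
    if [ -f "$cronfile" ] && grep -Eq '^[^#].*certbot.*renew' "$cronfile"; then
        echo "cron"
        return 0
    fi
    echo "none: no cron entry and no systemd"
    return 1
}
```

A result of "systemd-timer" only means the unit file is installed; confirm it is scheduled with systemctl list-timers as shown above.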