+++ /dev/null
-# /etc/cron.d/certbot: crontab entries for the certbot package
-#
-# Upstream recommends attempting renewal twice a day
-#
-# Eventually, this will be an opportunity to validate certificates
-# haven't been revoked, etc. Renewal will only occur if expiration
-# is within 30 days.
-SHELL=/bin/sh
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-
-# plomlompom added the --webroot -w /var/www/html/ so that renewal
-# works with nginx running.
-0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --webroot -w /var/www/html/
--- /dev/null
+[Unit]
+Description=Certbot
+Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
+Documentation=https://letsencrypt.readthedocs.io/en/latest/
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot -q renew --webroot -w /var/www/html/
+PrivateTmp=true