Finalize cron safety checks and renewal wording

Agent-Logs-Url: https://github.com/8bitDream/AmiiboAPI/sessions/0306bdf9-88cc-41dd-8bde-09039539f355

Co-authored-by: AbandonedCart <1173913+AbandonedCart@users.noreply.github.com>

Author: Copilot

README.md

@@ -52,8 +52,8 @@ This script:
 - Registers/requests a certificate with certbot (`amiiboapi.org,www.amiiboapi.org` by default)
 - Copies `fullchain.pem` and `privkey.pem` from `/etc/letsencrypt/live/amiiboapi.org/` into the project root
 - Sets file permissions to read/write for owner+group (`660`) on both certificate files
-- Installs `/etc/cron.d/amiiboapi-certbot` to run daily renewal checks
-- `certbot renew` renews 90-day certificates when they have 30 days or less remaining
+- Installs `/etc/cron.d/amiiboapi-certbot` to run renewal checks twice daily
+- `certbot renew` renews certificates (90-day validity) when they have 30 days or less remaining
 
 > [!IMPORTANT]
 > `certbot --standalone` needs port `80` available. Stop any process using port `80` before running issuance if needed.

scripts/certbot_certificate.sh

@@ -72,13 +72,13 @@ renew_certificate() {
 
 install_renewal_schedule() {
   local cron_cmd cron_line
-  if [[ "$SCRIPT_PATH" == *" "* || "$LOG_FILE" == *" "* ]]; then
-    echo "SCRIPT_PATH and LOG_FILE must not contain spaces for cron setup." >&2
+  if [[ ! "$SCRIPT_PATH" =~ ^[A-Za-z0-9._/-]+$ || ! "$LOG_FILE" =~ ^[A-Za-z0-9._/-]+$ ]]; then
+    echo "SCRIPT_PATH and LOG_FILE contain unsupported characters for cron setup." >&2
     exit 1
   fi
 
   cron_cmd="/bin/bash \"$SCRIPT_PATH\" renew >> \"$LOG_FILE\" 2>&1"
-  cron_line="0 3 * * * root $cron_cmd"
+  cron_line="0 3,15 * * * root $cron_cmd"
 
   run_as_root touch "$LOG_FILE"
   run_as_root chmod 644 "$LOG_FILE"