
I want to update certbot to cope with the following topic: How to stop using TLS-SNI-01 with Certbot

Before upgrade: certbot --version returns: certbot 0.26.1

As instructed in How to stop using TLS-SNI-01 with Certbot, I want to update to a version above 0.28.

I've looked up how to upgrade on Ubuntu and I've executed:

apt-get install --only-upgrade python-certbot-apache

It returns:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libapache2-mod-php7.0 php7.0-cli php7.0-common php7.0-json php7.0-opcache
  php7.0-readline python-acme python-augeas python-certbot python-cffi-backend
  python-chardet python-configargparse python-configobj python-cryptography
  python-dialog python-dnspython python-enum34 python-funcsigs python-idna
  python-ipaddress python-mock python-ndg-httpsclient python-openssl
  python-parsedatetime python-pbr python-pyasn1 python-requests python-rfc3339
  python-six python-tz python-urllib3 python-zope.component python-zope.event
  python-zope.hookable python-zope.interface
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
  python-certbot-apache
1 upgraded, 0 newly installed, 0 to remove and 270 not upgraded.
Need to get 3872 B of archives.
After this operation, 3072 B of additional disk space will be used.
Get:1 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 python-certbot-apache all 0.28.0-1+ubuntu16.04.1+certbot+3 [3872 B]
Fetched 3872 B in 0s (28.3 kB/s)
(Reading database ... 38437 files and directories currently installed.)
Preparing to unpack .../python-certbot-apache_0.28.0-1+ubuntu16.04.1+certbot+3_all.deb ...
Unpacking python-certbot-apache (0.28.0-1+ubuntu16.04.1+certbot+3) over (0.25.0-2+ubuntu16.04.1+certbot+1) ...
Setting up python-certbot-apache (0.28.0-1+ubuntu16.04.1+certbot+3) ...

So it looks like the update was successful.

Also when I do certbot --version it still returns: certbot 0.26.1

pa4080
nyluje
  • You have 270 not upgraded packages, is it possible there are some dependencies. If you need to keep the current version of some package use sudo apt-mark hold package-name and upgrade the rest. On my server certbot was upgraded without any issues. – pa4080 Jan 19 '19 at 09:39
  • Thanks for the clue @pa4080, I've updated packages python3-certbot and python3-certbot-apache. certbot --version returns certbot 0.28.0 now. Please post your answer, so I can mark it as resolved. – nyluje Jan 19 '19 at 10:06

2 Answers


You have 270 not upgraded packages, it is possible there are some dependencies. If you need to keep the current version of some package use sudo apt-mark hold package-name and upgrade the rest. Or find the dependencies that should be upgraded.

On my server certbot was upgraded without any issues, when I've used just sudo apt upgrade.


Based on the OP's report, the concrete answer of the question is both packages python3-certbot and python3-certbot-apache must be upgraded.

pa4080

The trick is to use

sudo apt-get dist-upgrade

If you just use sudo apt-get upgrade it will not find the new package.

Here are the full steps I used with Ubuntu 16 to upgrade certbot from 0.26 to 0.28:

1.) check certbot version. If lower than 0.28, it needs to be updated.

certbot --version || /path/to/certbot-auto --version

2.) Run these commands to update certbot

sudo apt-get update
sudo apt-get dist-upgrade

3.) disable tls-sni-01 for certbot

sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

4.) re-run certbot:

sudo certbot renew --dry-run
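
The substitution from step 3 above can be tried on a scratch directory and checked before it is run against /etc/letsencrypt/renewal. This is an added example, not part of the original answers: the sample file names and contents are constructed, and limiting the glob to *.conf and keeping the .bak copies are choices made here.

```shell
#!/bin/sh
# Added example: run step 3's substitution on a scratch copy and verify the result.
# All file names and contents below are constructed samples, not real lineages.

# Print the renewal configs whose pref_challs line still names tls-sni-01.
# Always returns 0 so an empty result is not treated as an error.
find_tls_sni() {
    grep -l '^pref_challs.*tls-sni-01' "$1"/*.conf 2>/dev/null || true
}

# Same sed expression as step 3, limited to *.conf and keeping the .bak
# copies so every change can be diffed or rolled back.
rewrite_pref_challs() {
    sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' "$1"/*.conf
}

# Build a throwaway directory that mimics /etc/letsencrypt/renewal.
make_sample() {
    sample=$(mktemp -d)
    cat > "$sample/example.org.conf" <<'EOF'
[renewalparams]
authenticator = apache
pref_challs = tls-sni-01,
EOF
    cat > "$sample/example.net.conf" <<'EOF'
[renewalparams]
authenticator = webroot
pref_challs = http-01,
EOF
    echo "$sample"
}

demo_dir=$(make_sample)
echo "Before: $(find_tls_sni "$demo_dir")"
rewrite_pref_challs "$demo_dir"
echo "After:  $(find_tls_sni "$demo_dir")"
# Show exactly what changed; diff exits 1 when files differ, which is expected.
diff "$demo_dir/example.org.conf.bak" "$demo_dir/example.org.conf" || true
rm -rf "$demo_dir"
```

On a real host, pointing find_tls_sni at /etc/letsencrypt/renewal before and after step 3 shows which lineages were affected and confirms none still name tls-sni-01.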