5

I have installed previously Certbot on Ubuntu, but I believe the package wasn't yet available for this distribution yet, so I believe I installed it from a pre-built package (maybe, I'm really not sure). Anyway, right now I have certbot 0.26.1 installed:

certbot --version
certbot 0.26.1

I tried to install it using the guide from here: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx

Here are some outputs from the current system:

apt-get install python-certbot-nginx 
python-certbot-nginx is already the newest version (0.28.0-1+ubuntu18.04.1+certbot+3).


certbot --version
certbot 0.26.1

which certbot
/usr/bin/certbot

dpkg-query -L python-certbot-nginx 
/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/python-certbot-nginx
/usr/share/doc/python-certbot-nginx/changelog.Debian.gz
/usr/share/doc/python-certbot-nginx/copyright

so it looks like to me, that "python-certbot-nginx" package doesn't install any binaries. That am I doing wrong here? I have some totally different packages that can be upgraded (e.g. MySQL, PHP), but I can upgrade these only this sunday. But I believe this is absolutely unrelated to my problem. Thanks!

pa4080
  • 29,831
Lippai Zoltan
  • 53

1 Answers1

4

Try with the following commands (replace -nginx with -apache if you need) to get the latest version of CertBot:

sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt update

If this is a new installation or it's not a problem to upgrade all packages on your system:

sudo apt install python-certbot python-certbot-nginx
sudo apt install python3-certbot python3-certbot-nginx 
sudo apt upgrade

If you do not want to upgrade all packages in your system, then you can use:

sudo apt install --only-upgrade python-certbot python-certbot-nginx
sudo apt install --only-upgrade python3-certbot python3-certbot-nginx

References:

Reasons to update - from Let's Encrypt newsletter:

TLS-SNI-01 validation is reaching end-of-life. It will stop working temporarily on February 13th, 2019, and permanently on March 13th, 2019. Any certificates issued before then will continue to work for 90 days after their issuance date.

You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.

Our staging environment already has TLS-SNI-01 disabled, so if you'd like to test whether your system will work after February 13, you can run against staging: https://letsencrypt.org/docs/staging-environment/

If you're a Certbot user, you can find more information here: https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

Our forum has many threads on this topic. Please search to see if your question has been answered, then open a new thread if it has not: https://community.letsencrypt.org/

For more information about the TLS-SNI-01 end-of-life please see our API announcement: https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

pa4080
  • 29,831
  • Well, basically this is exactly what I did, to get here. (Except for the last upgrade command, which I'll be able to run this Sunday. But it looks to me, that it has now listed cerbot in the list of packages that will be upgraded, so hopefully that will sort it out. Maybe this is because of some dependencies. – Lippai Zoltan Jan 28 '19 at 11:18
  • @LippaiZoltan, yes, please review the third reference in the answer. If you need you could use sudo apt install --only-upgrade python-certbot.... I just used the above commands to get CertBot 0.28.0 on my freshly installed Ubuntu Bionic. – pa4080 Jan 28 '19 at 11:25
  • That did the trick, I have now v0.28 installed without upgrading all the other packages. Thanks! – Lippai Zoltan Jan 28 '19 at 15:14
  • I'm glad to help, @LippaiZoltan. – pa4080 Jan 28 '19 at 15:16