Upgrading Certbot Version from 0.24 to 0.30.2 and failing

Hoping someone can help.

Leap 15 with apache

My current version of certbot is version 0.24 and i need to upgrade to at least 0.28 and i’m failing. An upgrade isn’t, well i can’t get yast to find and upgrade certbot.

I have downloaded and unpacked version 0.30.2 and i’m failing to upgrade. I believe that i’m supposed to run ./certbot-auto at the end of which i still have version 0.24

Where am i going wrong?

I don’t use certbot, but from reading the certbot documentation including its help file at

https://certbot.eff.org/docs/using.html

It looks like if certbot wasn’t modified by wherever you first obtained it, it’s supposed to upgrade itself automatically. And even if self-upgrading automatically has been disabled, it should be simple to re-enable self-upgrading (although you might have to look for where it would have been disabled).

If you need to find where certbot was modified, according to the docs, you might start by looking for a script (or plain file) called certbot-auto. The other place I’d check would be if someone decided to create a systemd Unit file.

Post again if you find your certbot isn’t as I described.

HTH,
TSU

Thank you for your reply.

Certbot was initially installed via Yast.

Certificates have been updating successfully without issues.

I’ve had an email from LetsEncrypt saying that i need to upgrade certbot to at least version 0.28. Yast can’t find an upgrade for certbot! I keeps finding version 0.24.

don’t know where to look to find out if certbot upgrades are in some way disabled. Googled it and can’t find any reference to being able to either enable or disable certbot from updating itself to newer versions.

Certificates are updating but will fail on or after March 13th, 2019.

Here’s LetsEncrypt’s email:

Action may be required to prevent your Let’s Encrypt certificate renewals

from breaking.

If you already received a similar e-mail, this one contains updated

information.

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue

a certificate in the past 60 days. Below is a list of names and IP

addresses validated (max of one per account):

XXXXXXXXX.co.uk (XXX.XXX.XXX.XXX) on 2018-28-04

TLS-SNI-01 validation is reaching end-of-life. It will stop working

temporarily on February 13th, 2019, and permanently on March 13th, 2019.

Any certificates issued before then will continue to work for 90 days

after their issuance date.

You need to update your ACME client to use an alternative validation

method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your

certificate renewals will break and existing certificates will start to

expire.

Our staging environment already has TLS-SNI-01 disabled, so if you’d like

to test whether your system will work after February 13, you can run

against staging: https://letsencrypt.org/docs/staging-environment/

If you’re a Certbot user, you can find more information here:

https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

Our forum has many threads on this topic. Please search to see if your

question has been answered, then open a new thread if it has not:

https://community.letsencrypt.org/

For more information about the TLS-SNI-01 end-of-life please see our API

announcement:

https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

Thank you,

Let’s Encrypt Staff

downloaded the latest version from: https://github.com/certbot/certbot/archive/v0.30.2.tar.gz

unpacked it and ran the command pip install certbot-apache and all went well. certbot upgraded to version 0.30.2 and a dry run to test completed without errors

Hello,
Recommend you also submit a bug to https://bugzilla.opensuse.org referencing this Forum thread.

The maintainer may have made a decision to disable auto-updating from certbot (not through the OSS), as I described the first place to look at a possible modification should be if a certbot-auto file exists on your machine.

Regardless what modification might have been made, according to what you posted it’s somewhat urgent to update the package soon anyway.

TSU

Am Mon, 28 Jan 2019 15:26:03 +0000 schrieb akwe-xavante:

> Hoping someone can help.
>
> Leap 15 with apache
>
> My current version of certbot is version 0.24 and i need to upgrade to
> at least 0.28 and i’m failing. An upgrade isn’t, well i can’t get yast
> to find and upgrade certbot.

Version in Leap is to old and will with its config never run.
You must change some in cli.ini

Must change
server to acme-v02
and preferred-challenges to something http,dns

Or you install version from my repo.
https://software.opensuse.org/ymp/home:ecsos:server/openSUSE_Leap_15.0/
python-certbot.ymp?base=openSUSE%3ALeap%3A15.0&query=python-certbot

Regards
Eric

The issue in current opensuse 15.0 package:certbot --version
certbot 0.30.2

It seems to be that it installs certificates and maintains configuration in /etc/certbot instead of default /etc/letsencrypt BUT does not use it from there for many commands such as:


certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

or:


certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

This can be solved by one of following ways:
a) using –config-dir /etc/certbot option every time
b) creating /etc/letsencrypt while maintaining /etc/certbot for opensuse compatibilitysudo mv /etc/letsencrypt /etc/letsencrypt.empty
sudo mv /etc/certbot /etc/letsencrypt
sudo ln -s /etc/letsencrypt /etc/certbot

Either a) or b) should work

Hope it helps, Tomas