Attempting to parse the version 0.24.0 renewal configuration file found with version 0.14.2 of Certbot


#1

Hello!

I run command: sudo certbot --apache -d xxx sitename

And result:

This log line repeated 12 times all my https pages:

Attempting to parse the version 0.24.0 renewal configuration file found at /etc/letsencrypt/renewal/xxxx.conf with version 0.14.2 of Certbot. This might not work.

And final log lines are:
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

  1. Do I get new certificate correctly when current certificates end?
  2. What should I do to get new certificate to my current http page?
    I have site http conf file /etc/apache2/sites-available/xxx.conf
    and symbol link /etc/apache2/sites-enabled/xxx.conf -> …/sites-available/xxx.conf

Yours Timo


#2

Please tell me what shoud I do

  • Do I get new certificates correctly when current certificates end?
  • How I can get to my current http page certificate?
  • Can I manually do something?

Must I update certbot ? I have python 2.7.6 and Ubuntu Server LTS 14.04


#3

There seem to be two issues.

  1. Your Certbot has somehow downgraded itself from 0.24 to 0.14. Or maybe you used certbot-auto previously?
  2. Your Certbot is trying to use TLS-SNI, which has been disabled: IMPORTANT: What you need to know about TLS-SNI validation issues

You should be able to solve both problems by just upgrading Certbot back to the current version, you can use the Certbot Ubuntu PPA: https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache

Once you do that, running your command should just work. Using --apache should automatically install the certificate to your Apache virtual hosts, and it should also automatically renew.


#4

“Or maybe you used certbot-auto previously?”
Yes I use certbot-auto. My certbot version has years be 0.14.
So I wonder if there something went wrong with current working certificates
if I run:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update


#5

Or maybe there are more than one installation:
find / -name certbot
which certbot
find / -name certbot-auto
which certbot-auto


#6

I run those commands and result is here:
I think there is just one installation
or do I understand right?

root:~# find / -name certbot
/usr/share/doc/certbot
/usr/bin/certbot
/usr/lib/python2.7/dist-packages/certbot
/opt/eff.org/certbot
/opt/eff.org/certbot/venv/bin/certbot
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot
/etc/cron.d/certbot
/home/xxx/.local/share/letsencrypt/bin/certbot
/home/xxx/.local/share/letsencrypt/lib/python2.7/site-packages/certbot

root:~# which certbot
/usr/bin/certbot

root:~# find / -name certbot-auto
/root/certbot-auto

root:~# which certbot-auto
root:~#

Just one question is my mind. https certificate is
new even certbot version has been old long time.
So old version certbot-auto works right. I just can get
totally new certificate for new site with this old version.

So I just run
sudo apt-get install --only-upgrade certbot
and I can get new certificate for new site?


#7

You currently have two installations:

  • /root/certbot-auto, which is a portable version of Certbot that is based on a shell script and upgrades itself automatically.
  • certbot, which is installed from package repositories and upgrades are managed by the package manager.

Both installations will use the same certificate and renewal settings from /etc/letsencrypt, so you don’t need to worry about that.

In the past, you’ve obviously been using certbot-auto. I would suggest that you continue to use it for your new certificates, by running /root/certbot-auto instead of certbot.

If you wish, you can switch to certbot from package repositories instead, but you need to ensure that you install it from the PPA, as documented, or you will have an old version that might not work so well.


#8

So I get new cerificate for new site just

sudo certbot-auto --apache -d xxx sitename

One question is:
Ubuntu 14.04 LTS which i use End of Life date April 2019
So after that I need to update it example
Ubuntu 18.04 LTS. To get new certificates.
Is that right? Or do certbot-auto get new
certificates after that?
I just had about one year time to prepare that changes.

Or do certbot-auto works correclty after April 2019.
This https certificate refreshing is only outside thing in my
websites.


#9

So please tell me if you can: Do certbot-auto works Ubuntu 14.04 LTS after april 2019?

Thanks responses which you have give to me!


#10

Certbot will not stop working after April 2019.
Ubuntu will stop providing updates after April 2019.

Two things:

  1. Do you have a cron job to update your certs? if so, show that command.
  2. When running certbot-auto it is best to do so from the same directory where it is located (/root/ in your case).

#11

In particular, since certbot-auto probably won’t be in your PATH, you’ll need to specify a directory in the shell, which could be done with something like sudo /root/certbot-auto or cd /root; sudo ./certbot-auto.


#12

Do you have a cron job to update your certs? if so, show that command.

cron job is done: /root/certbot-auto renew --quiet

ok so. sudo /root/certbot-auto --apache -d xxx sitename
give me new certtificate for new site.