Automating Install - Continent & Country?

Hi Everyone!

I am trying to simplify and streamline cert deployment by automating as many tasks as possible

I am using Nginx on Ubuntu 18.04 LTS and I would like to understand how to install certbot without it prompting me for Continent and Country? This is currently preventing the automation from running

I’ve looked around as I was thinking there would be some kind of flag or config file I could specify but I’m not having much luck - presumably I am looking for the wrong terms

In addition to that, what is the best way to bootstrap configs such that I can install the cert in nginx automatically? I am using Terraform to spin up the cloud environment so presumably I can pass in some variables to run the certbot command

Any advice is appreciated

Thankyou

Hi @hut585

I don’t understand that. A Letsencrypt certificate has never a continent or a country - entry.

So the CN (CommonName) is always one domain name:

CN=*.server-daten.de

No organization, no city, no country. So you can leave these entries empty or add always the same value. Letsencrypt will remove these entries.

Thanks for the fast reply! Yes I am wondering why it’s prompting me at all.

Just to be clear, this is not happening when I run the certbot command, it is happening why I am trying to install certbot in the first place

Thanks!

Is this a possible solution?

edit: this is probably better:

Could you please share the exact command(s) and the exact output of what you’re doing? I’m guessing it’s a Ubuntu thing, but not sure.

Ok, it’s probably this.

certbot -> python3-certbot -> python3-tz -> tzdata

(where -> means “depends on”)

this means you need to configure tzdata if it’s not configured already. (see the serverfault links to see how, otherwise look for the manpages)

Probably the Ubuntu repository I’m guessing :wink:

It’s probably the same package :wink: :smiley:

It probably is, but still. Different version in any case.

yeah, same deps but a lot older: https://packages.ubuntu.com/bionic/certbot

Thanks all for the help! I’ve tried a few of the suggestions, but not quite got it working

Command I am running is:

root@test:~# apt-get install -y certbot python-certbot-nginx

And after going through a few of the usual operations it halts here:

Configuring tzdata
------------------

Please select the geographic area in which you live. Subsequent configuration questions will narrow this down by presenting a list of cities, representing the time zones in which they are located.

  1. Africa  2. America  3. Antarctica  4. Australia  5. Arctic  6. Asia  7. Atlantic  8. Europe  9. Indian  10. Pacific  11. SystemV  12. US  13. Etc
Geographic area:

So yes, it does indeed seem to be related to tzdata, so I will try a few more things.

Thanks again for the pointers

So the issue was the tzdata, using the minimal Ubuntu image seems to miss some packages, as after quite a bit of playing with the above suggestions and having no luck, I tried the full image and that worked

Another useful command should anyone else come across this is:

timedatectl
timedatectl list-timezones

and

timedatectl set-timezone <your timezone>

What I noticed from the tests was that on the minimal image, there are no timezones other than UTC. Let’s Encrypt installer does not prompt on the full image when setting the correct timezone with startup script.

All that’s left to do now is figure the correct syntax to issue a cert non-interactively, which doesn’t look too hard.

Thanks again for all the help!