Cannot upgrade certbot on Ubuntu 17


#1

I have been using python-certbot-nginx on my DigitalOcean droplet for several months.

I received an e-mail saying I needed to take action as certbot will no longer be supporting ACME TLS-SNI-01 domain validation.

Looking at this forum it looks like I need to upgrade to certbot 0.28 but when I go through the installation steps I am told that certbot is already at its newest version (0.25.0-2+ubuntu17.10.1+certbot+1).

Looking at the PPA, there doesn’t seem to be a version of python-certbot-nginx for Ubuntu 17.

Do I need to upgrade to Ubuntu 18 to complete the process or will there be a release of certbot for Ubuntu 17 before February 13th when the changes come into effect?


#2

Odd-numbered Ubuntu releases have very short lifetimes - https://www.ubuntu.com/about/release-cycle. Ubuntu 17.10 is already EOL, so the Certbot team wouldn’t issue new releases for it.


#3

While you urgently need to upgrade Ubuntu for other reasons, you can continue to use Certbot 0.25.0 (unless you run into bugs). While it uses TLS-SNI-01 validation by default, it supports HTTP-01 as well as more recent versions.

You can use this command to test how things will go:

sudo certbot renew --dry-run --preferred-challenges http-01,dns-01

If you really need to upgrade Certbot, you can use certbot-auto instead. But that’s a small hassle (mainly you need to fix a systemd timer to use it) and IMO you should prioritize other things if possible.
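
Added example (not part of the original post and not Certbot's own code): a shell script that reports which renewal configuration files list `http-01` or `dns-01` and which leave the challenge at the plugin default, which on Certbot 0.25.0 is TLS-SNI-01 as described above. It assumes the renewal files use Certbot's `key = value` layout with an optional `pref_challs` entry and that they live in the usual `/etc/letsencrypt/renewal` directory; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Certbot renewal configs that do not pin http-01/dns-01.
# Assumed layout: "key = value" lines with an optional "pref_challs" entry.

# classify_conf FILE: print "default" (no pref_challs, plugin default applies),
# "tls-sni" (tls-sni-01 is listed) or "pinned" (a list without tls-sni-01).
classify_conf() {
    challs=$(sed -n 's/^[[:space:]]*pref_challs[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d ' ' | sed 's/,$//')
    case "$challs" in
        "")           echo default ;;
        *tls-sni-01*) echo tls-sni ;;
        *)            echo pinned ;;
    esac
}

# audit_renewal_dir DIR: print one "lineage status" line per *.conf file.
# Returns 1 if any lineage is not pinned, so it can gate a cron job or CI step.
audit_renewal_dir() {
    rc=0
    for conf in "$1"/*.conf; do
        [ -e "$conf" ] || continue
        status=$(classify_conf "$conf")
        echo "$(basename "$conf" .conf) $status"
        [ "$status" = pinned ] || rc=1
    done
    return $rc
}

# make_sample_dir: build three constructed renewal files and print their directory.
make_sample_dir() {
    d=$(mktemp -d)
    printf '[renewalparams]\nauthenticator = nginx\ninstaller = nginx\n' \
        > "$d/default.example.conf"
    printf '[renewalparams]\nauthenticator = nginx\npref_challs = http-01,dns-01\n' \
        > "$d/pinned.example.conf"
    printf '[renewalparams]\nauthenticator = nginx\npref_challs = tls-sni-01,\n' \
        > "$d/sni.example.conf"
    echo "$d"
}

# On a real host (assumed default path): audit_renewal_dir /etc/letsencrypt/renewal
```
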


#5

Thank you for the response. I will upgrade Ubuntu. I didn’t know about LTS for only even numbers.


#6

NOTE: Not all even numbers provide LTS (Long Term Support).
For example these do not have LTS:
17.10
18.10
19.04
19.10

To be 100% certain, (thus far) the version name has included “LTS”:

Ubuntu 20.04 LTS
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 17.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS