Cannot upgrade certbot on ubuntu 17

I have been using python-certbot-nginx on my digital ocean droplet for several months.

I received an e-mail saying I needed to take action as certbot will no longer be supporting ACME TLS-SNI-01 domain validation.

Looking at this forum it looks like I need to upgrade to certbot 0.28 but when I go through the installation steps I am told that certbot is already at it’s newest version (0.25.0-2+ubuntu17.10.1+certbot+1).

Looking at the ppa, there doesn’t seem to be a version of python-certbot-nginx for ubuntu 17.

Do I need to upgrade to ubuntu 18 to complete the process or will there be a release of certbot for ubuntu 17 before February 13th when the changes come into effect?

Odd-numbered Ubuntu releases have very short lifetimes - https://www.ubuntu.com/about/release-cycle. Ubuntu 17.10 is already EOL, so the Certbot team wouldn’t issue new releases for it.

While you urgently need to upgrade Ubuntu for other reasons, you can continue to use Certbot 0.25.0 (unless you run into bugs). While it uses TLS-SNI-01 validation by default, it supports HTTP-01 as well as more recent versions.

You can use this command to test how things will go:

sudo certbot renew --dry-run --preferred-challenges http-01,dns-01

If you really need to upgrade Certbot, you can use certbot-auto instead. But that’s a small hassle (mainly you need to fix a systemd timer to use it) and IMO you should prioritize other things if possible.

Thank you for the response. I will upgrade ubuntu. I didn’t know about LTS for only even numbers.

NOTE: Not all even number are provide LTS (Long Term Support).
For example these do not have LTS:
17.10
18.10
19.04
19.10

To be 100% certain, (thus far) the version name has included “LTS”:

Ubuntu 20.04 LTS
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 17.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.