Certbot-auto alongside certbot

I am running Ubuntu 18.04 / certbot 0.31.0 and attempting to use the certbot-dns-linode plugin. Unfortunately Linode has discontinued their legacy manager and the the version of this plug-in that’s available for Ubuntu 18 does not support the new Cloud Linode API v4 tokens as discussed here: https://www.linode.com/community/questions/18380/certbot-dns-linode-api-permissions

So now I’ve installed certbot-auto in attempts to use the most recent version. This is a bit confusing to me when it comes to how things will be maintained in the future.

  • Can the two versions peacefully co-exist or should I uninstall certbot so that only one remains?
  • What becomes of the existing certbot binary and the systemd job?
  • I don’t see any certbot-auto service in systemd - when I issue new certificates with certbot-auto will they auto renew?
  • Do certbot and certbot-auto share the same certificate directory?

UPDATE:

Apparently certbot-auto doesn’t support the dns plugins and the docs seem pretty discouraging about installing from source. Is there an easy way to get a newer version of certbot running on Ubuntu 18 so that I can use this DNS plugin? The relevant functionality I need was added here: https://github.com/certbot/certbot/commit/333ea90d1b1348933aa6e586472bb62e182bfebc

1 Like

you should remove non-auto certbot.

unless you’ve been careful, they’re sharing the same configuration directory. and I don’t know if its format is compatible across all versions.

at best, it’s pointless to have both.

3 Likes

Thanks - I’ve updated my question (and removed certbot-auto since it’s not helpful in my case). Not sure if I should just open a new question but let’s see where this goes…

1 Like

You know, certbot is not the only client: https://letsencrypt.org/docs/client-options/

1 Like

Thanks 9peppe, I understand that but I’ve already got many certificates issued and I don’t really want to switch clients atm if I don’t have to.

Just spoke with someone at Linode and apparently it’s still possible to issue an API v3 token. Here’s a helpful discussion on the topic:
https://www.linode.com/community/questions/19555/how-do-i-update-an-expired-apiv3-token-now-that-the-classic-manager-has-reached-?

Doing it this way i was able to use the older linode dns plugin.

2 Likes

In practice generally yes, but in principle potentially not.

There are very few cases in which this is likely to cause a problem for users but, indeed, Certbot doesn’t guarantee that newer versions of the renewal configuration will be understandable to older Certbot versions. So that is a good argument for following your suggestion and only having one version of Certbot in active use on a given system.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.