Certbot for Debian 8 Jessie

ranch · October 5, 2020, 7:59pm

We have just setup a new server on a Debian 8 Jessie VPS. We have the run on Debian 8, newer versions will not run our software. I was trying to install Certbot, using some backport instructions I found, but I get this message: Failed to fetch http://ftp.debian.org/debian/dists/jessie-backports/main/binary-amd64/Packages 404 Not Found.
Is there any way to generate a Letsencrypt certificate on the web? Or can I create one on another machine? It doesn't look like it is doable on Debian 8.

Thanks

Osiris · October 5, 2020, 7:59pm

Probably not. Snapd is also not available.

Also, I'm not sure why you'd want to keep Debian 8 still around, as it's end of life and doesn't get security updates any longer.

ranch · October 5, 2020, 8:11pm

Like I said, this software we run will not run on anything above D8. We are not worried about it not getting security updates. I guess a self-signed cert will have to do.

Osiris · October 5, 2020, 8:13pm

There are other clients available besides certbot.

From the Getting Started documentation page:

If Certbot does not meet your needs, or you’d like to try something else, there are many more ACME clients to choose from. Once you’ve chosen ACME client software, see the documentation for that client to proceed.

ranch · October 5, 2020, 9:26pm

Thanks. I am not too familiar with these things, but I'll probably be able to figure it out.

Osiris · October 5, 2020, 9:34pm

'acme.sh` is a very lightweight client written in Bash, but documentation is kinda lacking if you ask me and does work differently from certbot.

ranch · October 6, 2020, 1:26am

Yes, I had to kind of figure is out, but it was quite simple.

In /root:
wget https://github.com/kshcherban/acme-nginx/releases/download/v0.1.2/acme-nginx
chmod +x acme-nginx

(I couldn;t find acme-nginx in /root, but it executed as below anyway)
sudo /root/acme-nginx -d me.net -d www.me.net -d mail.me.net

Results:
/etc/ssl/certs/nginx-selfsigned.crt

/etc/ssl/private/letsencrypt-account.key letsencrypt-domain.key letsencrypt-domain.pem nginx-selfsigned.key ssl-cert-snakeoil.key

I guess the nginx-selfsigned.crt is the cert and letsencrypt-domain.key is the key I use.

Osiris · October 6, 2020, 9:22am

According to the README file on acme-nginx Github page, that's not the correct file:

Certificate was generated into /etc/ssl/private/letsencrypt-domain.pem

It should be that location? Or the README isn't up to date any longer. But I wouldn't think anything called "self signed" is a Let's Encrypt certificate.

letsencrypt-domain.pem is the certificate and letsencrypt-domain.key is the private key corresponding to that certificate.

ranch · October 6, 2020, 4:26pm

Much thanks! I was having trouble finding the cert and key. You are correct on their location and names.