CERTBOT install gone wrong - Debian Jessie


#1

I get to this point (see below command) and after I restart the server it will not read the sources.list entries, says that it cannot fetch them and my website is no longer responding. Traceroute completes without error. I went back to a previous snapshot where the website at least responds.

sudo apt-get install python-certbot-apache -t jessie-backports

Before I get to this point I edit the sources.list file to have:

deb http://ftp.de.debian.org/debian/ jessie main
deb-src http://ftp.de.debian.org/debian/ jessie main

deb http://security.debian.org/ jessie/updates main
deb-src http://security.debian.org/ jessie/updates main

deb http://ftp.de.debian.org/debian/ jessie-updates main
deb-src http://ftp.de.debian.org/debian/ jessie-updates main

deb http://ftp.debian.org/debian jessie-backports main

apt-get update runs fine after the file changes. But after I run the above command it screws up everything.

domain name: dwwireless.net


#2

Hi,

What are you trying to archieve?
Could you elaborate more on the issues?

Thank you


#3

My certificate for the domain expired and it was recommended to use Certbot, i went through the instructions to do before running that fatal command


#4

k.

May i know what you used to obtain the certificate initially?

Thank you


#5

I “inherited” this network from the past server guy, but it says lets encrypt authority x3
And I do see letsencrypt in the /etc directory


#6

Okay.

So, could you please try to execute certbot version in shell?

Or could you please look for certbot-auto?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Thank you for your corporation


#7

after i ran that command that screwed everything up I did see certbot-auto, but I went back to a snapshot where the website worked so that isn’t there anymore.

was there more to do after I ran that command before everything starts to work?

My domain is: dwwireless.net

I ran this command:

It produced this output:

My web server is (include version): virtual machine

The operating system my web server runs on is (include version): debian 8

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#8

Hi,

I see that you have a certificate generated at 10/14/2018…
https://crt.sh/?id=859248693

Do you recognize this certificate?

Could you check if you have certbot or certbot-auto (already installed, not install a new one)?

Thank you


#9

no its not installed
and yes, I generated it…but I am not sure how to import it

oh,

and this is what brought me to certbot to try to get it working
Is there a way to just renew it without having to go through certbot?


#10

Which web server software are you using?
(Apache,NGINX, other)

There are instructions for both.
Here is a link to Apache on Debian 8:

Which require backports:
First you’ll have to follow the instructions here to enable the Jessie backports repo,
Which shows:
apt-get -t stretch-backports install "package"
(a step that you may have missed)


#11

I already ran through that, after clicking on the “here” link for the prerequisite settings I ran that first command after selecting the versions I am running and that is what caused my issue


#12

Which command borked it?
sudo apt-get install python-certbot-apache -t jessie-backports
or
apt-get -t stretch-backports install "package"


#13

the sudo apt-get command is the one, after it ran I restarted the server and I noticed that I could no longer run apt-get update. Was there something I should have done after running that command before restarting? I have a feeling its because I am using jessie and not stretch

I saw that Jessie was no longer supported?


#14

Did you ever run:
apt-get -t stretch-backports install "package"


#15

no, because I’m not on stretch, should that be something I should try?


#16

I’m not 100% certain, but since the path you followed failed, and given you do have (can make) a snapshot to revert back to, I would try Debian 8 instruction link above.


#17

thats what i did, I didnt use that second command you sent on my second attempt because it didnt do anything the first time. what do I put for “packages” when I did run that it said no such thing as package packages. It’s not very detailed

so, the command didn’t fail per-say, just didnt work…


#18

I do agree the instructions are not intuitive.
I would try:
sudo apt-get -t stretch-backports install python-certbot-apache
Which seems like it would be the same but the order is not.
Also found notes to include:
apt-get -t stretch-backports install -f
then
apt-get -t stretch-backports install python-certbot-apache

You might also want to give certbot-auto a try:
mkdir /certbot-auto #or wherever you like
cd /certbot-auto
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto


#19

What exactly happens? What is the output?


#20

So, I shouldn’t make changes to that sources.list file? and that stretch command should work even though I’m on Jessie?

I will give this a try and tell you the output.