I’m a bit confused as to the naming of certbot. If I understand the history, the letsencrypt-auto client was recommended a long time ago (when letsencrypt was in beta). Then the certbot project came out and that became the recommended client.
For the Ubuntu 14.04 LTS Certbot install instructions, the recommendation is to download certbot-auto and install manually.
For the Ubuntu 16.04 TLS Certbot install instructions, the recommendation is to install the “letsencrypt” package through apt. (This package seems to behave just like certbot, but it provides a command letsencrypt-auto just like the old client). Is this the certbot client or the older letsencrypt client?
For the Ubuntu 16.10 Certbot install instructions, the recommendation is to install the “certbot” package through apt.
Is the go-forward Ubuntu recommendation to use the certbot apt installer? Just wondering what client I should expect to be coding into my provisioning scripts since the name and the install instructions have changed over time.
The client is actually the same, it’s just the name that was changed somewhere in the development history.
So the client currently is certbot and previously it was called letsencrypt. And some distributions have added the client in their repository, but have not updated the client since. Therefore, the client is still called letsencrypt.
Besides the client itself, there’s the ${client_name}-auto script. This is a script for distributions which do not have the client in their repository and always installs the latest version of the client. This script was also renamed when the client was renamed. The name however should not matter: even scripts with the old name (i.e. letsencrypt-auto) should install the latest version of the client (which is now named certbot ;))
The first part above explains why Ubuntu 16.04 has the letsencrypt client in its repository: it has never updated the client after the renaming. 16.10 however does have a relative new version, which is why it is called certbot.
The second part explains why for an even older version of Ubuntu, you come across the name certbot again in the form of certbot-auto. Because the client is the same and just the name was changed, the up to date EFF certbot manual recommends you to use the most recent version of the ${client_name}-auto script. Which is, nowadays, of course certbot-auto.
Hopefully this makes any sens
I personally would recommend to always use the client from the distribution repository. The auto-script is more of a work-around.
Thank you for that detailed explanation. It’s good to know that letsencrypt-auto and certbot-auto will both pull in the same certbot updates, and also good to know that certbot is the apt package name to expect in future Ubuntu releases (and other OS variants). I’ll also be sure to always use the distribution package when possible.
