Hi everyone, our systems are currently running Oracle Linux 8 which is Red Hat 8. I
opened a ticket some weeks ago and mentioned we were running 1.22. This took me by
surprise thinking our Linux repos were pulling in the latest level. Well I was wrong.
User rmbolger commented that version is from 2021. He mentioned to use Linux snap or
Linux pip. Seems on our systems we do yum installed and sometime rpm is needed.
rmbolger mentioned this site "https://certbot.eff.org/".
Did anyone else run into this and had to switch over to another package manager? I
have concerns with the switch with InCommon going from Sectigo to CertiNext using an
older release like this will be an issue. For the last few years Certbot has been
working great for us.
Oh, if anyone has some helpful information how you switched this over from using Secti
to CertiNext that would be great. I see the sectigo site in multiple files for
/etc/letsencrypt, and how you switched this over. This new validation needing a token
on the DNS site or http token on the host is new, and I suspect will need some
changes. Thank you everyone, Rich
You may have better luck asking that on a Sectigo or CertiNext community forum. This forum focuses on Let's Encrypt certificates.
While we often help people use Certbot, that's only very rarely for CAs other than Let's Encrypt.
Using a DNS or HTTP Challenge are the most common types used for Let's Encrypt. I'm not even sure which other kinds Certbot supports.
If you want help with a specific Certbot command please show it. Maybe someone will help out anyway.
The EFF develops Certbot, not the ISRG who manage Let's Encrypt. Again, we often help people use Certbot for LE but another option is to post an issue on the EFF's github for Certbot
They will almost certainly want you upgrading to the latest so follow the link rmbolger provided for the EFF's install options. Package maintainers do not tend to keep up with the latest versions by the EFF. There have been numerous improvements to Certbot, and the ACME Protocol in general, since your version was created.
Hi Mike, I am a little confused by this. You mentioned this forum focuses on Let's Encrypt certificates.
On our Oracle Linux systems I installed the certbot.noarch package. It created a /etc/letsencrypt directory
for the isntall. Maybe I am way off, but I thought certbot was part of lets encrypt now maybe I am wrong.
I want to understand more about why the ol8 epel repo latest version is so old. I will be looking into what other
install options I have on Oracle Linux. Maybe I can use some other package manager outside of the yum environment.
Certbot has not been part of Let's Encrypt for a very long time--it's maintained by the EFF, and that's been true for several years.
The recommended distribution of certbot is via snapd. Or you can use a different client, which is what I'd recommend--lego in particular, as a Go binary, runs pretty much anywhere.
The /etc/letsencrypt directory name is presumably just for backwards compatibility. If you're using another CA then the directory will contain certs/configuration that are completely unrelated to Let's Encrypt.