Certbot Upgrade Not Working


#5

I believe the certbot PPA is enabled, yes. I can certainly confirm that, though, if necessary.

I have followed all instructions for installing and upgrading from eef and other help articles, but I mostly remember apt-get update and apt-get upgrade. There were others in there last week, but I don’t remember them all.

apt list --upgradable returns

certbot/bionic,bionic 0.28.0-1+ubuntu18.04.1+certbot+4 all [upgradable from: 0.23.0-1]
linux-generic/bionic-updates,bionic-security 4.15.0.43.45 amd64 [upgradable from: 4.15.0.23.25]
linux-headers-generic/bionic-updates,bionic-security 4.15.0.43.45 amd64 [upgradable from: 4.15.0.23.25]
linux-image-generic/bionic-updates,bionic-security 4.15.0.43.45 amd64 [upgradable from: 4.15.0.23.25]
netplan.io/bionic-updates,bionic-security 0.40.1~18.04.4 amd64 [upgradable from: 0.36.2]
python3-acme/bionic,bionic 0.28.0-1+ubuntu18.04.1+certbot+3 all [upgradable from: 0.22.2-1]
python3-certbot/bionic,bionic 0.28.0-1+ubuntu18.04.1+certbot+4 all [upgradable from: 0.23.0-1]
python3-certbot-apache/bionic,bionic 0.28.0-1+ubuntu18.04.1+certbot+3 all [upgradable from: 0.23.0-1]
python3-parsedatetime/bionic,bionic 2.4-3+ubuntu18.04.1+certbot+3 all [upgradable from: 2.4-2]

apt policy certbot python3-certbot returns

certbot:
Installed: 0.23.0-1
Candidate: 0.28.0-1+ubuntu18.04.1+certbot+4
Version table:
0.28.0-1+ubuntu18.04.1+certbot+4 500
500 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main i386 Packages
*** 0.23.0-1 500
500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
500 http://us.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
100 /var/lib/dpkg/status
python3-certbot:
Installed: 0.23.0-1
Candidate: 0.28.0-1+ubuntu18.04.1+certbot+4
Version table:
0.28.0-1+ubuntu18.04.1+certbot+4 500
500 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main amd64 Packages
500 http://ppa.launchpad.net/certbot/certbot/ubuntu bionic/main i386 Packages
*** 0.23.0-1 500
500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
500 http://us.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
100 /var/lib/dpkg/status


#6

Thanks Matt! “sudo apt upgrade” did the trick. I have certbot 0.28.0 now.

The email “Action required: Let’s Encrypt certificate renewals” that I received had this in it:

“If you’re a Certbot user, you can find more information here:
How to stop using TLS-SNI-01 with Certbot

When you follow the link you get these instructions:

" If the version is less than 0.28, you need to upgrade your Certbot. Visit https://certbot.eff.org/ and follow the instructions for your webserver and OS."

When you follow that link you get the commands to install Certbot. But they do not upgrade the version.

Perhaps another email should be sent with more clear instructions on how to upgrade an existing Certbot installation.


#7

FAILED

Then:

WORKED

Maybe the instructions should be updated to include this “possibility” ?


#8

sudo apt upgrade worked for me!

sudo apt-get upgrade just wouldn’t upgrade certbot to 0.28

thanks!


#9

Worked for our websites

If Ubuntu 18.04

apt install certbot python3-certbot python-certbot-apache

certbot --version
certbot 0.28.0

If CentOS7

yum update certbot python-certbot-apache python2-certbot python2-acme

certbot --version
certbot 0.29.1

However, cat /etc/letsencrypt/renewal/MySite.conf. Continue to show:

version = 0.26.1

Is it normal?


#10

Yes, the renewal file is only updated AFTER a cert renewal - not on certbot update.


#11

This is a good idea, I mentioned it to the Certbot devs. I don’t think comparing apt update to apt upgrade is really the right thing - update fetches a newer list of available packages, while upgrade actually installs the newer packages. I think the underlying issue is this:

  sudo apt-get install python-certbot-apache 

If you already have python-certbot-apache installed, that command will upgrade python-certbot-apache, but it won’t upgrade python-certbot. I think adding python-certbot to the list probably makes sense so that the instructions keep people up to date even if they’ve already got the software installed.


#12

I think there’s an additional factor – when python-certbot-apache got replaced with a transitional dummy package for python3-certbot-apache, it stopped having a dependency on a specific version of any other packages, so I think (re)installing it makes apt less prone to upgrading anything else.


#13

Doh! [that was my mistake]

I meant to compare:
apt upgrade
with
apt-get upgrade

One seems to work “better/differently” than the other (at times).


#14

Interesting. I’m fairly confident that apt upgrade does exactly the same thing as apt-get upgrade. If you have documentation otherwise I would be interested to read it.


#15

Two people in this thread have said the results differ:



#16

Good point!

@gmarzloff, can you confirm whether the command that was not working for you was sudo apt-get upgrade? Could it have been sudo apt-get update?

@rg305: According to https://itsfoss.com/apt-vs-apt-get-difference/, both apt upgrade and apt-get upgrade have the functionality “Upgrades all upgradable packages.” If you’re suggesting that one behaves differently, that’s a pretty significant claim – I’d want to dig deeper before making that claim.


#17

All things being equal, things would be equal…
So maybe they aren’t equal.
Hard to setup a test for this though.


#18

@jsha I followed the instructions here hoping to upgrade from 0.23 to 0.28.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-apache 

apt-get update didn’t work. I’m over 75% certain I tried apt-get upgrade which didn’t work either. When I ran apt upgrade, certbot --version showed 0.28. I wish I could be more precise on the method but I was trying a lot of different commands trying to find a solution.


#19

No problem, I appreciate you adding the extra detail! FYI, apt-get update and apt update never install new software, they just download new lists of software. So I’m not surprised that update didn’t fix the issue. Both apt-get upgrade and apt upgrade should have fixed the issue; we’ll keep an eye out for similar reports, in case there really is an issue with one of the upgrade variants.

Also it’s worth noting that we’ve already updated https://certbot.eff.org/lets-encrypt/ubuntubionic-apache based on the feedback in this thread. Specifically where it used to say:

  $ sudo apt-get install python-certbot-apache 

Now it says:

  $ sudo apt-get install certbot python-certbot-apache

Which should be more correct. Thanks for your feedback, hopefully you’ve made things a bit easier for everyone else!


About CertBot upgrade
#20

This worked for me too!

sudo apt upgrade
certbot 0.28.0

Thanks all for the help; I’m all set at this point.


#21

Hi! I have the same issue, please help.

I am running Ubuntu 17.10 on a Digital Ocean droplet and have been trying to upgrade certbot from 0.22.2-1+ubuntu17.10.1+certbot+1 in order to deal with the TLS-SNI-01 validation end of life issue.

I have run every command I can find to update and upgrade certbot, and as near as I can tell they have all run successfully. Despite these efforts, however, every time I run certbot --version, the return says I’m still using certbot 0.22.2

All help is greatly appreciated!


#22

Hey @quack ! Your issue stems from the fact that Ubuntu 17.10 reached its end of life on 19th of July 2018. No updates (including security updates) have been provided for your version since. You are strongly urged to upgrade!

If you wish to run a version of Ubuntu for longer time before the need to upgrade to a newer major version, I suggest you upgrade to an LTS (Long Term Support) version. The differences in the time a specific version is supported can be seen at https://en.wikipedia.org/wiki/Ubuntu_version_history#Version_timeline to give you a clear picture about the differences.


#23

Thank you, it makes sense.


#24

I am also having trouble upgrading certbot on Ubuntu 18.04. I have tried both apt and apt-get, but no luck. But I see that the current version of certbot for Ubuntu 18.04 is 0.23, which is far behind the current version:

https://packages.ubuntu.com/bionic/certbot

Am I missing something here?