Change from certbot-auto to using certbot


#1

Hi

I have inherited a server running Ubuntu 14.04.4 LTS which is using the certbot-auto script. I would like to upgrade/change it to using the certbot following these installation instructions.

Looking at the contents of the script, this is the version LE_AUTO_VERSION="0.15.0"

$VENV_PATH does not produce any output for my user and for root

I believe therefore that my next commands to run should be:

rm -rf /home/user/.local/share/letsencrypt
rm -rf /root/.local/share/letsencrypt

Then I should follow the installation instructions

Are these steps correct? Have I missed anything? Also do I need to do anything with, or worry about files in these directories?

/var/log/letsencrypt
/var/lib/letsencrypt
/etc/letsencrypt

Thanks in advance for any help and guidance.


#2

Hi @mahomedh

are you using a certificate? If yes, this

would be terrible.

Make a backup - then try it. If it doesn’t work, you have to fix the problems.


#3

Yes, but we don’t mind re-issuing the certificates again. Most of them are expired anyway because the auto-renew is not working.

Thanks for the advice. I’ve already made a backup. But I would much rather avoid going down the rabbit hole of troubleshooting a broken system when there might be a better way of avoiding a broken system in the first place.


#4

certbot-auto still stores the certificate data in /etc/letsencrypt. The .local/share/letsencrypt directories are only used to store code, not data.


#5

Also, keep in mind that the Certbot packages will automatically set up a cron job to run “certbot -q renew”. If you have an existing custom cron job, you can remove it.


#6

Thanks. Does this mean that my steps should be fine?


#7

It’s fine for it to auto-renew. This is one of the end goals anyway. I’ve already removed the existing cron jobs. Just to be clear I am trying to achieve

  1. Remove the old script without breaking the system or preventing the install of the current certbot
  2. Install the current and recommended certbot
  3. Have it auto-renew all the certificates reliably.

#8

Yes, different versions of Certbot will happily use each other’s files in /etc/letsencrypt. Note that certbot-auto updates automatically to the latest released version, so when you install an OS package instead, you’ll be using a slightly older version of Certbot.


#9

Great! Thank you. I’ll give it a try and see how it goes.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.