Error whyle trying to install Cerbot for the Nginx


#1

My domain is:
russianpaintings.net

I ran this commands one after another (accordning to this manual https://certbot.eff.org/lets-encrypt/centosrhel7-nginx):
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
sudo yum install certbot-nginx

It produced this output after the last command:
No package cerbot-nginx available
Error: Nothing to do

My web server is (include version):
Nginx 1.12.2

The operating system my web server runs on is (include version):
CentOS release 6.9 (Final)

My hosting provider, if applicable, is: self-hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISP Lite 5


#2

Hi,

Please refer to the guide since certbot seems not available @ Centos 6


Where is the official ACME v.2 client?
#3

It is useless since I want to obtain Wildcard for my server, but on your page it is said: "Certbot’s DNS plugins which can be used to automate obtaining a wildcard certificate from Let’s Encrypt’s ACMEv2 server are not available for your OS yet."
Do you have any idea?


#4

Hi @Zero,

Certbot’s DNS plugins are indeed not available for your OS yet. You could use the Docker method suggested on the documentation page, or consider the methods at

https://id-rsa.pub/post/certbot-auto-dns-validation-with-lexicon/

or use one of the other ACMEv2-capable clients like acme.sh


Where is the official ACME v.2 client?
#5

How do you think this is possible if I am the second day informed about the wildcard existence?! I looked at the unlimited documentation for the Docker and undestood that this is for the geeks.

Do you have some simple method which is simple for the beginner?


#6

Unfortunately, I’m not sure getting a wildcard certificate on CentOS 6 is necessarily easy yet.

In your case I would probably try with acme.sh instead of Certbot.


#7

Certbot’s DNS plugins are indeed not available for your OS yet.

And when will this be available?


#8

I think it may be about two weeks, but I don’t know precisely.


#9

How is it possible to be notified about the matter?


#10

You might want to ask the CentOS developers about being notified.


#11

Why CentOS developers but not CertBot developers?!


#12

Because they have to package our code for their operating system.


#13

I think this is not possible since they do not have the contact us section on their site: https://www.centos.org


#14

I will ask on their forum If you’ll tell me what parameters I should ask for exactly.


#15

If you have a pressing need for a wildcard today, you can just use the --manual flag in certbot-auto, and set the DNS records for a wildcard certificate yourself.

The DNS plugins are only required for renewal purposes (and I’m not sure one exists for Encirca anyway).

This will allow you to relax for 60-90 days with your wildcard while days while the CentOS package maintainers (who are donating their time) do their work.


#16

I am using the letsencrypt general certificates in the Isp Lite 5 CP at the moment. I think this panel is using the acme.sh v.1. I will try to install the v.2 from the https://github.com/Neilpang/acme.sh (10. Issue Wildcard certificates) because they alredy have the cron comand example. I am not sure if Encirca is involved in all this staff at all. I create the DNS records myself on Encirca site.


#17

Your DNS host is involved, because wildcard certs require DNS validation. To be able to automatically issue and renew certs (which is a large part of the point behind Let’s Encrypt), your client will need to be able to make updates to your DNS records automatically, which means your DNS host needs to have an API allowing such. I don’t know if Encirca has such an API, but if it does, I don’t see any indication that acme.sh supports it.

You can still validate manually, but that means you’ll need to make manual updates to your DNS records every 60-90 days.


#18

Which updates should I made in the DNS records every 60-90 days? TXT record, ttl record, what?


#19

The certs will be renewed automatically every 60 days.


#20

You’d need to update TXT records–the validation tokens need to be changed with each renewal.

Yes, if the script has the ability to automatically make the required DNS updates. As of now, it doesn’t appear that it does with your DNS host. You could consider using a different DNS host (Cloudflare, for example, has a robust, well-supported API, provides free DNS hosting), or operating your own DNS server just for ACME validation purposes (see acme-dns).