Error with wget certbot-auto

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: I want to get SSL activate for my webserver which have many domains names,

I ran this command: wget https://dl.eff.org/certbot-auto

It produced this output:
–2019-01-11 08:00:51-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org… 151.101.136.201, 2a04:4e42:20::201
Connecting to dl.eff.org|151.101.136.201|:443… connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.

My web server is (include version): Apache 2.2.16

The operating system my web server runs on is (include version): Ubuntu 10.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, I use Putty

Hi @bvideosm

how old is your OpenSSL? Check it with

OpenSSL version

Ubuntu 10.10 is very old.

image
EOL in 2012 (almost 7 years ago)

source: Releases - Ubuntu Wiki

My OpenSSL version is 0.9.8o

So I should update my ubuntu version ?
Can you tell me if upgrading ubuntu is simple ?
Does it means that I will have to redo all the settings ?
Does my website will be down form some time ?

Thanks for your help !

A1. Probably yes - most likely.
A2. It should be but I'm not familiar with your specific setup so I can't be 100% certain.
A3. I would not know all the setting that you have made, so that is impossible for me to answer. In general, no - most settings are kept/upgraded.
A4. The system may have to reboot (maybe more than once) to get to a recent version. So, there will be some downtime/interruptions.

I would highly recommend doing a "snapshot" (if using a VM type system) or a full backup otherwise BEFORE MAKING ANY CHANGES.

You must update OpenSSL to support the newer protocols/ciphers.

Thanks for your answer !

To make a full backup, can you tell me if it’s ok if I do
tar czf /var/backups/_backup-20190111.tgz .

Does it will copy all the config and settings ? or do I need to copy something else ?
Thanks again ?

I understand you need help.
But the help that you seem to need now is outside the scope of this forum.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.