Error with wget certbot-auto


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: I want to get SSL activate for my webserver which have many domains names,

I ran this command: wget https://dl.eff.org/certbot-auto

It produced this output:
–2019-01-11 08:00:51-- https://dl.eff.org/certbot-auto
Resolving dl.eff.org… 151.101.136.201, 2a04:4e42:20::201
Connecting to dl.eff.org|151.101.136.201|:443… connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.

My web server is (include version): Apache 2.2.16

The operating system my web server runs on is (include version): Ubuntu 10.10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, I use Putty


#2

Hi @bvideosm

how old is your OpenSSL? Check it with

OpenSSL version

Ubuntu 10.10 is very old.


#3

image
EOL in 2012 (almost 7 years ago)

source: https://wiki.ubuntu.com/Releases


#4

My OpenSSL version is 0.9.8o


#5

So I should update my ubuntu version ?
Can you tell me if upgrading ubuntu is simple ?
Does it means that I will have to redo all the settings ?
Does my website will be down form some time ?

Thanks for your help !


#6

A1. Probably yes - most likely.
A2. It should be but I’m not familiar with your specific setup so I can’t be 100% certain.
A3. I would not know all the setting that you have made, so that is impossible for me to answer. In general, no - most settings are kept/upgraded.
A4. The system may have to reboot (maybe more than once) to get to a recent version. So, there will be some downtime/interruptions.

I would highly recommend doing a “snapshot” (if using a VM type system) or a full backup otherwise BEFORE MAKING ANY CHANGES.


#7

You must update OpenSSL to support the newer protocols/ciphers.


#8

Thanks for your answer !

To make a full backup, can you tell me if it’s ok if I do
tar czf /var/backups/_backup-20190111.tgz .

Does it will copy all the config and settings ? or do I need to copy something else ?
Thanks again ?


#9

I understand you need help.
But the help that you seem to need now is outside the scope of this forum.