How can I update my certbot in fedora 25

stevenzhu · July 10, 2018, 4:12am

Hi,

Can you please try run “sudo yum update” and see if there’s any update for certbot?

Thank you

cjongithub · July 10, 2018, 4:20am

@stevenzhu I tried running that command it says upgrading certbot version 0.19.0-1.fc25, but it did not update the current. Running the command certbot --version still shows 0.12.0

rg305 · July 10, 2018, 4:34am

please show:
which certbot
find / -name certbot

cjongithub · July 10, 2018, 4:36am

It’s in the /usr/bin/certbot.

rg305 · July 10, 2018, 4:37am

you found just the one?

cjongithub · July 10, 2018, 5:57am

Yes, just that one. Are there any other files I need?

rg305 · July 10, 2018, 5:59am

None…
I would try removing certbot and then reinstall.
If the version remains the same…
Then check on this page:

cjongithub · July 10, 2018, 6:03am

If I remove the current, are there any issues that might occur on my website which is currently using the certs?
I come up to update the certbot because I’m experiencing error in renewing the ssl of one of the website which is in the cloudflare. I searched and I found this one: IMPORTANT: What you need to know about TLS-SNI validation issues

rg305 · July 10, 2018, 6:03am

It should not remove the contents of the /etc/letsencrypt directory.
But to be safe, you can copy it elsewhere.

cjongithub · July 10, 2018, 6:04am

Will try that. I come up to update the certbot because I’m experiencing error in renewing the ssl of one of the website which is in the cloudflare. I searched and I found this one: IMPORTANT: What you need to know about TLS-SNI validation issues

rg305 · July 10, 2018, 6:08am

That link doesn’t not make any mention of CloudFlare (which can sometimes be problematic)

cjongithub · July 10, 2018, 6:09am

The error says “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.” I’m thinking it is something to do with the configuration in Cloudflare server.

rg305 · July 10, 2018, 6:12am

Check your domain at: https://letsdebug.net

_az · July 10, 2018, 6:11am

You should be able to just run

certbot renew --cert-name example.org --preferred-challenges http

cjongithub · July 10, 2018, 6:12am

Will try that one and see if it go through.

rg305 · July 10, 2018, 6:13am

Also, you might be able to use certbot-auto
See: How to get a Let's Encrypt certificate while using CloudFlare

_az · July 10, 2018, 6:19am

That’s … odd. Are you sure your Certbot is up to date?

certbot --version
certbot renew --cert-name example.org -a apache --preferred-challenges http --dry-run

If you can’t get an up to date version, then use certbot-auto as suggested by @rg305 . It’s a drop-in replacement, just call ./certbot-auto instead of certbot, with the same arguments.

Uninstalling your old certbot is perfectly safe. All of your data is in /etc/letsencrypt and will be preserved.

rg305 · July 10, 2018, 6:20am

Please show the /etc/letsencrypt/renewal/marketing.awaste.com.au.conf? file.
(Or whichever the site name that your are having trouble with.)

Patches · July 10, 2018, 11:18pm

The reason that you cannot update certbot with yum is that Fedora 25 reached end-of-life in December 2017 and is no longer receiving updates.

You should be able to work around the issue with your old version using a different command or by installing certbot-auto as @_az and @rg305 have explained.

But your server is missing important security updates, such as for the highly publicized Spectre/Meltdown vulnerabilities, so you should strongly consider upgrading your Fedora installation anyway, even if you can get certbot working.

system · August 9, 2018, 11:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.