How can i upgrade to Certbot 0.27 to latest

manuvs13 · January 28, 2019, 5:37am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:d365.getverticalresponse.com

I ran this command:certbot --version || /path/to/certbot-auto --version

It produced this output: certbot 0.27.1

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Osiris · January 28, 2019, 6:24am

Which one did you actually use? As it's rather important. certbot-auto should auto-update to the most recent version.

manuvs13 · January 28, 2019, 6:53am

Hi,
Currently the Certbot version in 0.27.1. S i got a "Action required mail" from lets encrypt, so i tried to update it.
So i was following this link

it says that, the certbot version would be 0.28 or higher.
I'm using CentOS 7. Could you please guide me how to update this.
Thanks in advance.

rg305 · January 29, 2019, 12:18am

Upgrading to certbot version 0.28 (or higher) is NOT a required.
It will fix some things automatically.
But thst can also be “fixed” manually.
I see that http://d365.getverticalresponse.com/ is accessible, so you should have no problem using http for authentication.
Please show the relevant cron job (that tries to renew your cert).
You can try these to find it:
crontab -l
systemctl list-timers --all
[and with sudo if “empty” results]

mnordhoff · January 29, 2019, 12:22am

Are you using both CentOS 7 and Ubuntu 16.04?

manuvs13 · January 29, 2019, 5:15am

Thank you so much for the reply…
I’ve not set the cronjob yet, I’m pretty new to this. could you please help me to set that too?? because multiple sites are hosted in the same machine.

rg305 · January 29, 2019, 5:19am

Please show the results of these commands:
crontab -l
systemctl list-timers --all

Use sudo if “empty” results:
sudo crontab -l
sudo systemctl list-timers --all

manuvs13 · January 29, 2019, 5:25am

Hi,
I’m using Ubuntu 16.04.
The Certbot version which is running on the machine is 0.22.2. So could you please guide me how to update to the latest?
I got a “Action required: Let’s Encrypt certificate renewals” email from Letsencrypt.
I’m pretty new to this. so Could you please guide me how to update the Cerbot?
Thanks in advance.

Manu

rg305 · January 29, 2019, 5:32am

Start here:
https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache.html

NOTE: There is another thread that seems to indicate that apt-get and apt may not function equally.
I would first try the apt-get method as detailed. Then if that fails to update certbot, use apt instead of apt-get.
And do let us know which method worked.
Thanks.

manuvs13 · January 29, 2019, 6:12am

Hello.,
Thank you for the reply .

i use "apt-get install" and it worked for me. now the package is updated to 0.28.0.
and now,
I've to follow these steps to stop using TLS-SLI-01

since it is in a production environment, need to get approval from the client.
once again thank you so much for your help.

rg305 · January 29, 2019, 6:19am

Steps #1 and #3 are harmless and can be done on production systems.
Step #2 will make a change, so that needs to be thought through.
You could look at what might be changed with a search like:
grep -Eri 'pref|chall|tls' /etc/letsencrypt/renewal/

system · February 28, 2019, 6:29am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.