Installing as 'letsencrypt' rather than 'certbot'


#1

why is my certbot installing as letsencrypt? If I run `letsencrypt -renew- or some valid command it works, bet why is my certbot named letsencrypt rather than certbot? Is there a way to fix this?


#2

Certbot used to be called “letsencrypt”. The project was renamed in 2016.

If you’re using a very old version (before 0.6.0), it will be called letsencrypt.

If you’re using a newer version, your package might install identical “certbot” and “letsencrypt” executables for backwards compatibility.

What OS (including version) are you using?

How did you install Certbot?

What version is it?


#3

OS: Ubuntu 16.04.5 LTS

How I installed certbot: I am not sure, it was a long time ago.

what version is it: letsencrypt version: 0.4.1

if I am using a very old version I must have initially installed it wrong. How can I do a clean reinstall of the latest version?

@mnordhoff


#4

You should visit https://certbot.eff.org/ and enter your web server and OS to get instructions to install the latest version, with the name certbot.


#5

@jsha thanks,

but now that I see it, I am pretty sure this is where I got the installation directions and did the following:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

but it installed as ‘letsecrypt’ so is there another solution?


#6

It installs as “certbot” and “letsencrypt”. They’re identical.

What do these show?

$ sudo certbot --version
$ sudo letsencrypt --version
$ sudo apt-get upgrade

#7

@mnordhoff sorry I had to work for a few hours so I was away.
anyway:

$ sudo certbot --version
–> sudo: certbot: command not found

$ sudo letsencrypt --version

–> letsencrypt 0.4.1

$ sudo apt-get upgrade

output was just upgrades installing

if certbot and letsencrypt are identical, why does the software install as letsencrypt on some systems (like mine) and certbot on others?


#8

That depends mainly on when it was installed.
But one name is just an alias to the other; so both names do exactly the same thing (on systems supporting both names).
Your ACME client is very old and only uses one name (“letsencrypt”).

Step #1: Update letsencrypt/certbot.
[Do not go on to any other step before completing step #1]


#9

@rg305 @mnordhoff

The previous answer is almost exactly what I want but when I run the commands:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

everything works until the last command and the output from that failed command is:

Reading package lists… Done

Building dependency tree

Reading state information… Done

Some packages could not be installed. This may mean that you have

requested an impossible situation or if you are using the unstable

distribution that some required packages have not yet been created

or been moved out of Incoming.

The following information may help to resolve the situation:

The following packages have unmet dependencies:

python-certbot-apache : Depends: python3-certbot-apache but it is not going to be installed

E: Unable to correct problems, you have held broken package

I’d love to upgrade letsencrypt and turn it into certbot but I am getting that problem… any ideae what that output means/how to fix it?


#10

This is usually due to problems with existing packages on the system.

You can get more information by trying to install that package directly (and rinse-repeat if it complains about a different package):

apt -y install python3-certbot-apache

#11

@_az actually I get the same output when I try to just install the broken package by running that command


#12

:\

Maybe this will show the problem:

apt -o Debug::pkgProblemResolver=true install python3-certbot-apache

I would also super double check that this step actually succeeded:


#13

@_az

firstly:
$ sudo add-apt-repository universe

‘universe’ distribution component is already enabled for all sources.

the universe command did work.

Secondly:

$ apt -o Debug::pkgProblemResolver=true install python3-certbot-apache

Reading package lists… Done

Building dependency tree

Reading state information… Done

Starting pkgProblemResolver with broken count: 1

Starting 2 pkgProblemResolver with broken count: 1

Investigating (0) python3-certbot-apache [ amd64 ] < none -> 0.28.0-1+ubuntu16.04.1+certbot+3 > ( python )

Broken python3-certbot-apache:amd64 Depends on apache2 [ amd64 ] < none -> 2.4.18-2ubuntu3.9 > ( web )

Considering apache2:amd64 1 as a solution to python3-certbot-apache:amd64 9999

Reinst Failed early because of apache2-bin:amd64

Considering apache2:amd64 1 as a solution to python3-certbot-apache:amd64 9999

Considering apache2:amd64 1 as a solution to python3-certbot-apache:amd64 9999

Done

Some packages could not be installed. This may mean that you have

requested an impossible situation or if you are using the unstable

distribution that some required packages have not yet been created

or been moved out of Incoming.

The following information may help to resolve the situation:

The following packages have unmet dependencies:

python3-certbot-apache : Depends: apache2 but it is not going to be installed

E: Unable to correct problems, you have held broken packages.


#14

I think the nature of the issue is probably that you might have Apache installed from some different package repository, or self-built .deb package?

dpkg-query -l apache2

Edit: Unfortunately I just tried my suggested solution of “just” installing python-certbot and it does omit the Certbot Apache plugin. So that’s not helpful to you.

I’m not sure how exactly to work around this apart from forcing install (skipping broken packages) or using certbot-auto instead of the PPA, @bmw might have an idea.


#15

I think so, apache was installed by serverpilot and I think they changed apache a bit to be serverpilot apache

but I did install certbot using $ apt -y install apache2 then installed certbot with $apt install certbot but when I run $ certbot -v I get the following output:

Root logging level set at 10

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Requested authenticator None and installer None

No candidate plugin

Selected authenticator None and installer None

Certbot doesn’t know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run “certbot certonly” to do so. You’ll need to manually configure your web server to use the resulting certificate.

I do not know what that output means but that is how I felt last time and you immediately knew the answer, so I am guessing that again you know why that output is printed.

Oops, posted the output twice :slight_smile:


#16

Ah. Server Pilot is a bit of a special snowflake. It uses custom directories for its webserver and how it manages certificates. Certbot doesn’t have an understanding of that environment.

Can I ask, are you 100% sure that Apache is the server at the “front” of your ServerPilot stack? The reason is, to the best of my understanding, ServerPilot usually sticks nginx in front of Apache in its configuration. This can be confirmed with something like:

ss -tlnp | grep -E "(apache|nginx)"

Finally, you might consider using this specialized community script for ServerPilot + Let’s Encrypt - https://github.com/lesaff/serverpilot-letsencrypt - rather than trying to use Certbot in the suggested way. Internally it uses certbot-auto, and it is pre-configured to deal with ServerPilot environments itself.


#17

Yes it is nginx, you are right.

Now that I have installed certbot, are you telling me to reinstall certbot-auto using sple.sh?


#18

Well, it’s not strictly necessary. You can definitely use your currently Certbot like:

 certbot certonly -d example.org --webroot -w /path/to/your/webroot

and then configure your nginx config to use that certificate.

The only reason I suggest to use that script is that it can do some of the more complicated manual steps for you, like generating your SSL virtualhosts in nginx and reloading nginx during renewals.

Since ServerPilot is not officially an environment supported by Certbot, you’d otherwise be “on your own” (or requiring community support).


#19

oh ok thank for telling me before it became a problem, I will reinstall using sple.sh then. Do I have to remove the old versions of certbot and letsencrypt before installing certbot-auto first?


#20

Yes, it’s a good idea to only have a single variant of Certbot installed. It could cause some problems with the configuration directory and redundant cron tasks.