Installing Confusion Ubuntu Server 16.04

Hello:

I am putting this in Uncategorized, as I am not sure if this is a Server question, or Client question, or perhaps both.

I am migrating servers to Ubuntu 16.04 and securing as well with the new builds.

I am seeing two variations on installing, one using sudo apt-get install letsencrypt, and one installing from git as instructed here. Which is right?

I think this was part of the issue with my problems installing a certificate the last time, but not sure.

There are a lot of different variations on how to install, and it’s a little confusing.

So before I try this again, I thought I would ask here first.

Thanks!

John

Using letsencrypt-auto via the GitHub repo is mostly used for distributions without an official package. So the most logical choice is to use apt-get to install and update the client.

So I tried with sudo apt-get install letsencrypt

Installed OK (no errors in install)

But then same issues with trying to install certificate:

~$ ./letsencrypt-auto
-bash: ./letsencrypt-auto: No such file or directory

~$ letsencrypt auto
usage:
letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] …

The Let’s Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:

(default) run Obtain & install a cert in your current webserver
certonly Obtain cert, but do not install it (aka “auth”)
install Install a previously obtained cert in a server
renew Renew previously obtained certs that are near expiry
revoke Revoke a previously obtained certificate
rollback Rollback server configuration changes made during install
config_changes Show changes made to server config during installation
plugins Display information about installed plugins
letsencrypt: error: unrecognized arguments: auto

~$ letsencrypt run
An unexpected error occurred:
IOError: [Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log'
Please see the logfile 'letsencrypt.log' for more details.

~$ sudo letsencrypt run
No installers seem to be present and working on your system; fix that or try running letsencrypt with the “certonly” command

~$ sudo letsencrypt certonly -d mydomain.com -d www.mydomain.com

The program apache2 (process ID 15109) is already listening on TCP
port 80. This will prevent us from binding to that port. Please stop
the apache2 program temporarily and then try again.

But if I stop apache, then it can’t find the server to authenticate.

Failed authorization procedure. www.mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge, mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge

~$ sudo letsencrypt --apache certonly -d mydomain.com -d www.mydomain.com
The requested apache plugin does not appear to be installed

~$ sudo letsencrypt certonly --standalone -d mydomain.com -d www.mydomain.com

The program apache2 (process ID 15109) is already listening on TCP
port 80. This will prevent us from binding to that port. Please stop
the apache2 program temporarily and then try again.

Again, if I stop apache, then it can’t find the server to authenticate.

Same issues I had trying to install on Ubuntu 14.04.
Some combination I finally got to work when I did this a month ago on 14.04, so it would at least give me the certificates, and I installed manually in the vhost conf file.

I’m not having any luck this time with Ubuntu 16.04, nothing seems to work now.

It’s very frustrating when the directions on the Letsencrypt site don’t match with the apt-get install version, and if you try and search around, there are dozens of variations on how to do this, and nothing seems to work.

I understand this is new, and everyone has different configurations, but it shouldn’t be this difficult.

I’m open to suggestions…

Otherwise I’ll try the git approach later, and see if I can get some combination to work that way.

Thanks!

To clarify, there are two installation options:

  • With the git-style installation, you'll use ./letsencrypt-auto to run the client
  • If you're installing from a distribution repository, the binary is called letsencrypt. There shouldn't be any auto anywhere in your commands if you go for that option.

Here's the more detailed description straight from the docs:

If letsencrypt is packaged for your Unix OS, you can install it from there, and run it by typing letsencrypt. Because not all operating systems have packages yet, we provide a temporary solution via the letsencrypt-auto wrapper script [...]
And since letsencrypt-auto is a wrapper to letsencrypt, it accepts exactly the same command line flags and arguments.


Anyway, if you want to use the apache plugin for letsencrypt, you'll need to install a separate package:

apt install python-letsencrypt-apache

sudo letsencrypt will now start with the apache plugin by default (no need for any other arguments if that's all you need).
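
A preflight check for the situation in this thread, as an added example that is not part of the original posts or the Let's Encrypt project: it picks the packaged `letsencrypt` binary or the `letsencrypt-auto` wrapper, finds what holds port 80, and chooses between `--apache` and `certonly --standalone`. The function names, the wrapper directory argument and the assumed `ss -ltnp` column layout are illustrative assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names), not code from the thread.

# Print the client command: the packaged binary if it is on PATH, otherwise
# the git wrapper in directory $1 (default: current directory).
find_client() {
    local wrapper_dir="${1:-.}"
    if command -v letsencrypt >/dev/null 2>&1; then
        echo "letsencrypt"
    elif [ -x "$wrapper_dir/letsencrypt-auto" ]; then
        echo "$wrapper_dir/letsencrypt-auto"
    else
        return 1
    fi
}

# Read `ss -ltnp` style output on stdin (assumed layout: state in column 1,
# local address:port in column 4). Print the process listening on TCP port 80,
# "unknown" if the owner is hidden (ss run without root), nothing if free.
port80_owner() {
    awk '$1 == "LISTEN" && $4 ~ /:80$/ {
        if (match($0, /\(\("[^"]+"/)) print substr($0, RSTART + 3, RLENGTH - 4)
        else print "unknown"
        exit
    }'
}

# $1 = port-80 owner ("" if free), $2 = "yes" if the apache plugin is installed.
pick_mode() {
    local owner="$1" plugin="$2"
    if [ "$owner" = "apache2" ] && [ "$plugin" = "yes" ]; then
        echo "--apache"                # plugin works with the running Apache
    elif [ -z "$owner" ]; then
        echo "certonly --standalone"   # port is free, the client can bind it
    else
        return 1                       # port busy and no plugin for that server
    fi
}

preflight() {
    local client owner plugin=no mode
    client=$(find_client "${1:-.}") || { echo "no client found"; return 1; }
    owner=$(ss -ltnp 2>/dev/null | port80_owner)
    dpkg -s python-letsencrypt-apache >/dev/null 2>&1 && plugin=yes
    if mode=$(pick_mode "$owner" "$plugin"); then
        echo "sudo $client $mode -d <your-domain>"
    else
        echo "port 80 held by $owner: install python-letsencrypt-apache or free the port"
    fi
}

if [ "${1:-}" = "--run" ]; then preflight "${2:-.}"; fi
```

Run it as root with `--run` (and optionally the directory of a git checkout) so that `ss` can report the owning process; it only prints the suggested command and changes nothing.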