Instructions for replacing certbot-auto

Thanks for the help! After digging through the comments and reading through linked stuff, here's what I ended up doing.

  1. Logged into my AWS console and created a volume snapshot.
  2. Cleaned up my cron entries. It turns out I actually had two cron entries, one in /etc/crontab calling letsencrypt-auto and one in the root user's crontab (sudo crontab -l) calling certbot-auto.
    I did:
    $ sudo vi /etc/crontab
    
    and went to the letsencrypt-auto entry and commented it out (for now).
    I then did:
    $ sudo crontab -e
    
    and deleted the certbot-auto entry.
  3. I deleted the letsencrypt-auto script (although this seems to have come back during later steps):
    $ sudo rm /opt/letsencrypt/letsencrypt-auto
    
  4. I removed the /opt/eff.org directory:
    $ cd /opt
    $ sudo rm -rf eff.org/
    
  5. Installed some needed tools:
    $ sudo yum -y install python3 python3-tools augeas-libs
    
  6. Set up a Python virtual environment:
    $ sudo python3 -m venv /opt/certbot/
    $ sudo /opt/certbot/bin/pip install --upgrade pip
    
  7. Installed Certbot:
    $ sudo /opt/certbot/bin/pip install certbot certbot-apache
    
  8. Added it to a location in my PATH (for easier execution):
    $ sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
    
  9. I use the webroot method for domain verification, and found that a few of my domains/aliases were missing from the letsencrypt config. So I opened that for editing and added them under the [[webroot_map]] heading:
    $ sudo vi /etc/letsencrypt/renewal/wedul.com.conf
    
  10. Did a renewal dry-run to test things out:
    $ sudo certbot renew --dry-run
    
  11. I then added a new entry to /etc/crontab and deleted the entry I had previously commented out.
    $ sudo vi /etc/crontab
    
    The new entry is:
    0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/bin/certbot renew -q

This was all pieced together using previous comments in here as well as procedures in Certbot - Pip Apache and Uninstalling certbot-auto — Certbot 1.16.0.dev0 documentation.

I was concerned that I already had an /opt/letsencrypt directory, and wasn't instructed to delete it, but as far as I can tell, everything is okay. It also looks like the letsencrypt-auto script was put back in there at some step, and there's an identical certbot-auto script in there still too. But I guess if I'm not calling them, they're probably not hurting anything.

I might also go back and change the crontab line to execute sleep $(( RANDOM % 3600 )) && /usr/bin/certbot renew -q. I'm not quite sure why Python's being invoked for that. I'm guessing the randomness is primarily to prevent spikes on the EFF servers, so I'll leave that in there.

Thank you for the guidance!

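The checks behind steps 2 and 9, as an added example that is not part of the original post: it lists active crontab lines that still call certbot-auto or letsencrypt-auto, and reports expected domains that have no [[webroot_map]] entry in a renewal config. The function names, the sample crontab and the example.test domains are constructed for illustration.

```shell
# Post-migration checks for steps 2 and 9 (added example; function names are hypothetical).

# Print active (non-comment) crontab lines on stdin that still call a legacy wrapper.
legacy_cron_lines() {
    grep -Ev '^[[:space:]]*#' | grep -E '(certbot|letsencrypt)-auto' || true
}

# Print the domains listed under [[webroot_map]] in a renewal config on stdin.
webroot_map_domains() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        substr(line, 1, 1) == "#"           { next }
        index(line, "[[webroot_map]]") == 1 { in_map = 1; next }
        substr(line, 1, 1) == "["           { in_map = 0; next }
        in_map && index(line, "=") > 0 {
            key = substr(line, 1, index(line, "=") - 1)
            gsub(/[ \t]/, "", key)
            if (key != "") print key
        }'
}

# Print each expected domain ($2 onward) with no webroot_map entry in file $1.
missing_from_webroot_map() {
    conf=$1; shift
    mapped=$(webroot_map_domains < "$conf")
    for d in "$@"; do
        printf '%s\n' "$mapped" | grep -Fxq -- "$d" || printf '%s\n' "$d"
    done
}

# Constructed sample input, not taken from the original post.
SAMPLE_CRON='# 0 3 * * * root /opt/letsencrypt/letsencrypt-auto renew
30 2 * * 1 /opt/eff.org/certbot-auto renew -q
0 0,12 * * * root /usr/bin/certbot renew -q'

SAMPLE_CONF='[renewalparams]
authenticator = webroot
[[webroot_map]]
example.test = /var/www/html
www.example.test = /var/www/html'

demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_CONF" > "$tmp"
    echo "legacy cron lines:"; printf '%s\n' "$SAMPLE_CRON" | legacy_cron_lines
    echo "unmapped domains:";  missing_from_webroot_map "$tmp" example.test blog.example.test
    rm -f "$tmp"
}
demo
```

On a real host the inputs would be the output of sudo crontab -l, the contents of /etc/crontab, and the file under /etc/letsencrypt/renewal/.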