Hi.
Is there a way please to install Certbot without snapd as mounting "squashfs" should be disabled in a hardened server to comply with the CIS rule 1.1.1.5 and PCI_DSS: rule 2.2.5.
Thank you.
1 Like
You can install it using the pip dropdown menu item.
Alternatively, if your distro of choice packages Certbot, you could install that.
6 Likes
There may also be the source code that can be compiled.
But a much simpler solution is to look at some of the other ACME clients out there.
1 Like
Certbot is Python, an interpreted language. Although Python can be bytecoded partially, it doesn't require compiling like a C, C++ or Go.
Using pip is probably a good alternative for snap or not-up-to-date OS packages (unless you're running fancy distro's like Gentoo or Arch, in that case your Certbot OS package very likely is very up to date!) No need to find other ACME clients IMO.
2 Likes
Sorry, I'm not savvy on pip, what is the latest certbot version it can provide?
2 Likes
The latest.
3 Likes
Then that seems like a good choice.
I guess I had some preconceived notion that it was tied to the outdated OS version.
2 Likes
It does have drawbacks though. I think something with dependencies et cetera. And you always should run it in a virtual environment (venv) to prevent it from messing with your systems Python.
But for some applications, if you don't have a good alternative, it's fine IMO. I run my Home Assistant in a Python virtual environment with everything installed using pip.. Works sort of fine. No need for all that Docker and/or snap nonesense.
3 Likes
...which is the big drawback of certbot in the first place.
1 Like
Don't you mean snapd (or pip in virtual environment)?
What certbot drawback?
Using "it" makes things rather vague / subject to interpretation:
Which "it" ?
1 Like
For me, it isn't a drawback at all. I run it on my Gentoo x86-64 system which already has ample Python packages installed. A few Python packages more or less isn't a big deal.
Using pip. Once I updated pip itself to the latest version, which broke my Home Assistant upgrade so I had to revert to a backup.. 
Also, using a single virtual environment for every single Python application can lead to multiple installations of the same Python package. Although the same is valid for snaps..
Dan talks about the dependency part of my post, not necessarily the "It" I think.
1 Like
Then that makes no sense - talking about two different "it"s.
Too many "it"s for me...
What was said and what I understood are three different things! LOL
1 Like
I'm lost on the "drawbacks" ...
Who's drawback?
If it can run the latest certbot, where is that drawback?
That is needs to be separated virtually?
1 Like
I don't understand what you don't understand.
1 Like
Pip has drawbacks regarding dependencies. My comment is that this drawback is inherent in certbot. Snap may insulate you from them, and pip may (or may not) prevent them from messing up other software on the system, but the fundamental problem is that certbot has a ton of python dependencies. If the certbot developers refuse (as they do) to package certbot for popular distributions, I think the much more sensible thing to do is to avoid that software entirely. It's not like there aren't dozens (maybe hundreds) of alternatives.
1 Like
Certbot is packaged in numerous popular distributions by those distributions themselves. Which is usually how it works. Distributions have maintainers for packages.
See also: https://pkgs.org/download/certbot (Although that stupid site doesn't list Gentoo... 
)
While I personally don't like snap or things like Docker, the arguments you're giving now are borderline close to "FUD" if you ask me.
3 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.