Issue updating letsencrypt to certbot

Hi all,

I'm on Apache on Debian 9, updated, upgraded and bounced. I'm trying to upgrade from letsencrypt to certbot SSL. The domain I'm using is: www.freelettersfromsantaclaus.com/

I'm using these instructions: https://certbot.eff.org/lets-encrypt/debianstretch-apache.html

All cool until step "5. Install Certbot"

sudo snap install --classic certbot
I paraphrase: no stable version available, use --edge instead

sudo snap install --edge certbot
to install edge, use --classic (rolls eyes)

snap info certbot
it's not lying

sudo snap install --edge certbot --classic
result!

TLDR: So I have the edge version installed as that was the only available option.

Step 7.

Upgrading letsencrypt so don't need apache changes as already sorted: sudo certbot certonly --apache

An unexpected error occurred:
OSError: cannot load library '/snap/certbot/356/usr/lib/x86_64-linux-gnu/libaugeas.so.0': /snap/certbot/356/usr/lib/x86_64-linux-gnu/libaugeas.so.0: cannot open shared object file: No such file or directory. Additionally, ctypes.util.find_library() did not manage to locate a library called '/snap/certbot/356/usr/lib/x86_64-linux-gnu/libaugeas.so.0'

Ok. Some missing files, found a thread: Certbot errors Fresh apache2 ubuntu 20.0.4 RasPi 4

Tried installing: augeas-lenses, libaugeas0, python3-augeas - nope so removed all 3 (all using apt)

Tried installing Augeas: sudo apt-get install -y augeas-tools. Nope.

Can only type with one hand so very slow here these days. I'm assuming I need to remove the --edge version and replace with a stable version (which I'm assuming doesn't depend on those files) but no idea how as I've never used snap before.

Any ideas? Many thanks in advance.

Cyclic

2 Likes

@certbot-devs Another snap issue with Debian, do you have any idea what's going on here?

1 Like

So first of all I'm very confused by "I paraphrase: no stable version available, use --edge instead". Could you say more about why no stable version seems to be available?

As you can see at https://snapcraft.io/certbot, Certbot should be available from any of {stable, beta, edge}. All of these will require the --classic flag.

But anyway, that shouldn't be related to the second problem you've indicated. All of those packages should have been included within the snap.

To answer your question directly: sudo snap remove certbot will uninstall the edge certbot you have installed, but I don't know why sudo snap install certbot --classic isn't working for you.

The specific library you mentioned should be included in the snap, so maybe the problem is related to why you ended up installing edge.

2 Likes

Hi Cyclic,

Could you please show us the output of:

dpkg -l snapd
uname -a
2 Likes

@erica I've seen this previously on non-x86-64 systems (I guess just x86 looking at the certbot snap page). But the Augeas error suggests this isn't the case here? Or are the paths of the non-x86-64 snaps the same?

1 Like

The Augeas thing is probably because snapd and Certbot disagree on what the host architecture is.

Python correctly sees the actual architecture (amd64) and tries to load the appropriate x86_64 libaugeas library.

snapd on the other hand thinks it's running on i386, which resulted in the user having installed the i386 snap, which does not include the x86_64 libaugeas library. As a result, file not found.

I think we're going to look into maybe getting this chnaged so that this disagreement doesn't exist, but it would help for @Cyclic to confirm those two commands.

2 Likes

Hi,
An attempt to remedy: Remove certbot, remove snap and retry:
sudo snap remove certbot
sudo apt purge snapd
sudo apt install snapd
sudo snap install core
sudo snap install --classic certbot

FAIL ERROR NO CLASSIC
sudo snap info certbot

name: certbot
summary: Automatically configure HTTPS using Let's Encrypt
publisher: Certbot Project (certbot-eff✓)
store-url: Install certbot on Linux | Snap Store
contact: Issues · certbot/certbot · GitHub
license: Apache-2.0
description: |
The objective of Certbot, Let's Encrypt, and the ACME (Automated
Certificate Management Environment) protocol is to make it possible
to set up an HTTPS server and have it automatically obtain a
browser-trusted certificate, without any human intervention. This is
accomplished by running a certificate management agent on the web
server.

This agent is used to:
- Automatically prove to the Let's Encrypt CA that you control the
website
- Obtain a browser-trusted certificate and set it up on your web server
- Keep track of when your certificate is going to expire, and renew it
- Help you revoke the certificate if that ever becomes necessary.
snap-id: wy7i66qPx4neXr6m9rTh7Y40h8EhtZFh
channels:
latest/stable: –
latest/candidate: –
latest/beta: –
latest/edge: 1.5.0-22-g961c57386 2020-06-14 (356) 30MB classic

Still no joy. Is there some other upgrade route?

1 Like

Please run the commands suggested by @_az above.

1 Like

Hi,
Sorry Osiris but what 2 commands are you referring to?

1 Like

If you mean: sudo apt install snapd:amd64
E: Unable to locate package snapd:amd64

1 Like

These:

1 Like

Roger that. The dpkg nothing as snapd uninstallled but the uname -a:
Linux Phantom 4.9.0-13-686-pae #1 SMP Debian 4.9.228-1 (2020-07-05) i686 GNU/Linux

1 Like

This suggests you're running a 32 bit OS, correct?

1 Like

No idea. I believe you.

1 Like

Thanks for posting that output.

The Certbot snap is no longer available on 32-bit operating systems, but you can still install an older (but functional) Certbot from the Debian Stretch repositories:

apt install python3-certbot-apache

The confusing errors you encountered will hopefully be addressed eventually, between unpublishing that --edge snap and posting separate instructions for non-snap platforms (like i386) .

1 Like

Thank you so much that installed it.

Ran the certonly option, looked good but the site still says "Not Secure" when visited. Bet you're getting sick of this now?

1 Like

Hi @Cyclic

that doesn't restart your webserver. Do that, then check your domain again.

1 Like

sudo service apache2 restart

https://www.freelettersfromsantaclaus.com is now down.

sudo reboot

still down.

1 Like

Then fix your buggy configuration you have created.

Or use your backup.

1 Like

Nothing's changed except letsencrypt.

1 Like