OpenSUSE Leap 15 and Certbot upgrade / install


#1

Trying to upgrade certbot version 0.24 to version 0.28 or better the current release 0.30.2 but cannot find out how to achieve this on openSUSE Leap 15. certbot was initially installed via yast.

Certificates are updatting fine.

Downloaded the tar.gz file for version 0.30.2 but have failed to workout how to get 0.30.2 installed.

Very grate full if someone could help me through this process.


#2

worked it out…

pip install certbot-apache in the dierectory where the unpacked files were placed.


#3

The official certbot site has a guide to install certbot for OpenSuse Leap:

It uses zypper to install it. So I guess you might want to consider using zypper to upgrade certbot too.


#4

tried that upgrade failed, well it appeared to complete with success but when i checked the certbot version, upgrade had not completed. Still old version.

using zypper, zypper presumably was downloading and installing the latest version opensuse have which is version 0.24.

i downloaded 0.30.2, unpacked it and ran the command pip install certbot-apache and all went well. A dry run to upgrade certificates completed successfully.

guessing i’ll now have to wait until the 28th April to see if certificates update correctly automatically


#5

I’m thinking it won’t go well for you. You say you’ve unpacked a tar.gz file. But where to did you extract it? To root (/)? Or to a specific location?

Also, it seems OpenSUSE patches some certbot files in the official package to use /etc/certbot in stead of /etc/letsencrypt (and similar directories in /var et c.).
Any manual installed package wouldn’t have that patch I recon. So even if your cronjob somehow manages to find and use the manually installed certbot, it probably wouldn’t do anything, because /etc/letsencrypt is empty.

I agree using zypper to upgrade wasn’t good advice, as it isn’t up2date indeed. There are two community packages for certbot 0.30 however. I have absolutely NO clue how secure OpenSUSE community packages are. But might be something to consider.

If community pacakges aren’t something you feel comfortable with, I would suggest using certbot-auto to install certbot, as that method is at least supported by Let’s Encrypt. Manually untarring tar.gz files to somewhere almost never is a good idea.


#6

I unpacked the files in a sub folder of root.

when i run the command certbot --version i get the reply certbot 0.30.2 and the certificates have updated too.

how should i do this, this is my first time installing something that failed to upgrade using yast

Should i do this again in a different way?

when i run the command certbot renew --dry-run the process completes without error and says success, congratulations all renewalls completed successfully, test certificates have not been saved


#7

Well, if it seems to work… :man_shrugging: I’m not familiar with OpenSUSE. I guess if it works, it works :slight_smile:


#8

Check:
which certbot
If that file returns the new version then you should be fine.