OpenSUSE Leap 15 and Certbot upgrade / install


#1

Trying to upgrade certbot version 0.24 to version 0.28 or better the current release 0.30.2 but cannot find out how to achieve this on openSUSE Leap 15. certbot was initially installed via yast.

Certificates are updatting fine.

Downloaded the tar.gz file for version 0.30.2 but have failed to workout how to get 0.30.2 installed.

Very grate full if someone could help me through this process.


#2

worked it out…

pip install certbot-apache in the dierectory where the unpacked files were placed.


#3

The official certbot site has a guide to install certbot for OpenSuse Leap:

It uses zypper to install it. So I guess you might want to consider using zypper to upgrade certbot too.


#4

tried that upgrade failed, well it appeared to complete with success but when i checked the certbot version, upgrade had not completed. Still old version.

using zypper, zypper presumably was downloading and installing the latest version opensuse have which is version 0.24.

i downloaded 0.30.2, unpacked it and ran the command pip install certbot-apache and all went well. A dry run to upgrade certificates completed successfully.

guessing i’ll now have to wait until the 28th April to see if certificates update correctly automatically


#5

I’m thinking it won’t go well for you. You say you’ve unpacked a tar.gz file. But where to did you extract it? To root (/)? Or to a specific location?

Also, it seems OpenSUSE patches some certbot files in the official package to use /etc/certbot in stead of /etc/letsencrypt (and similar directories in /var et c.).
Any manual installed package wouldn’t have that patch I recon. So even if your cronjob somehow manages to find and use the manually installed certbot, it probably wouldn’t do anything, because /etc/letsencrypt is empty.

I agree using zypper to upgrade wasn’t good advice, as it isn’t up2date indeed. There are two community packages for certbot 0.30 however. I have absolutely NO clue how secure OpenSUSE community packages are. But might be something to consider.

If community pacakges aren’t something you feel comfortable with, I would suggest using certbot-auto to install certbot, as that method is at least supported by Let’s Encrypt. Manually untarring tar.gz files to somewhere almost never is a good idea.


#6

I unpacked the files in a sub folder of root.

when i run the command certbot --version i get the reply certbot 0.30.2 and the certificates have updated too.

how should i do this, this is my first time installing something that failed to upgrade using yast

Should i do this again in a different way?

when i run the command certbot renew --dry-run the process completes without error and says success, congratulations all renewalls completed successfully, test certificates have not been saved


#7

Well, if it seems to work… :man_shrugging: I’m not familiar with OpenSUSE. I guess if it works, it works :slight_smile:


#8

Check:
which certbot
If that file returns the new version then you should be fine.


#9

The issue in current opensuse 15.0 package:
certbot --version
certbot 0.30.2

It seems to be that it installs certificates and maintains configuration in /etc/certbot instead of default /etc/letsencrypt BUT does not use it from there for many commands such as:

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

or:

certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

This can be solved by one of following ways:
a) using –config-dir /etc/certbot option every time
b) creating /etc/letsencrypt while maintaining /etc/certbot for opensuse compatibility

sudo mv /etc/letsencrypt /etc/letsencrypt.empty
sudo mv /etc/certbot /etc/letsencrypt
sudo ln -s /etc/letsencrypt /etc/certbot

Either a) or b) works

Hope it helps, Tomas


#11

Hello,

Somewhat puzzled by this email.

You have simply copied and pasted my own text!!


#12

It was a spammer. Sometimes they copy and paste older posts, and then add links to them. I’m sorry for the inconvenience. The post has been deleted, but that was after the forum software emailed it to you. :slightly_frowning_face:


#13

Hello Matt,

Thought it was very odd, but appeared to be so genuine at the same time, hence my simplistic reply several days after receiving it.

Thank you for letting me know.

Mark


closed #14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.