I received a scary email from email@example.com mentioning I should update my ACME client as TLS-SNI-01 validation is reaching end-of-life. Unfortunately the guy who setup our server environment is no longer available and I don’t have any clue how to resolve this update request.
I followed the suggestions in the mail and followed How to stop using TLS-SNI-01 with Certbot as we are using certbot. First step in this tutorial is to check the certbot version using certbot --version. Turns out certbot version is certbot 0.19.0. I am on a aws ec2 instance ubuntu-xenial-16.04-amd64.
As the version is too low I try to update by going to https://certbot.eff.org/ I fill out my software (Nginx) and system (ubuntu 16.0.4) and i get forwarded to a page on how to install certbot. However, I am not interested in installing certbot, I need to upgrade it. I googled and found that sudo apt-get install certbot should be run to resolve. However the output is:
Reading package lists... Done Building dependency tree Reading state information... Done You might want to run 'apt-get -f install' to correct these: The following packages have unmet dependencies: certbot : Depends: python3-certbot (= 0.31.0-1+ubuntu16.04.1+certbot+1) but it is not going to be installed libstdc++6 : Depends: gcc-5-base (= 5.4.0-6ubuntu1~16.04.9) but 5.4.0-6ubuntu1~16.04.11 is to be installed E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).
I try to resolve by running apt-get -f install and then get
E: dpkg was interrupted, you must manually run ‘sudo dpkg --configure -a’ to correct the problem.
Then I run sudo dpkg --configure -a and then the process just hangs at
(Reading database … 95%
Stuck. I am a noob regarding this kind of topics and have no idea how to further proceed from here and prevent my SSL certificate become outdated
Any help greatly appreciated.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu, 16.04 LTS, amd64 xenial image build on 2017-10-26
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):