Problem updating ACME client


#1

I received a scary email from noreply@letsencrypt.org mentioning I should update my ACME client as TLS-SNI-01 validation is reaching end-of-life. Unfortunately the guy who set up our server environment is no longer available and I don’t have any clue how to resolve this update request.

I followed the suggestions in the mail and followed How to stop using TLS-SNI-01 with Certbot as we are using certbot. The first step in this tutorial is to check the certbot version using certbot --version. Turns out the certbot version is certbot 0.19.0. I am on an AWS EC2 instance, ubuntu-xenial-16.04-amd64.

As the version is too low I try to update by going to https://certbot.eff.org/. I fill out my software (Nginx) and system (ubuntu 16.0.4) and I get forwarded to a page on how to install certbot. However, I am not interested in installing certbot, I need to upgrade it. I googled and found that sudo apt-get install certbot should be run to resolve. However the output is:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
 certbot : Depends: python3-certbot (= 0.31.0-1+ubuntu16.04.1+certbot+1) but it is not going to be installed
 libstdc++6 : Depends: gcc-5-base (= 5.4.0-6ubuntu1~16.04.9) but 5.4.0-6ubuntu1~16.04.11 is to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

I try to resolve by running apt-get -f install and then get
E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem.

Then I run sudo dpkg --configure -a and then the process just hangs at
(Reading database ... 95%

Stuck. I am a noob regarding these kinds of topics and have no idea how to proceed further from here and prevent my SSL certificate from becoming outdated.

Any help greatly appreciated.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
https://safetransfer.online/

I ran this command:
(see above)

It produced this output:
(see above)

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu, 16.04 LTS, amd64 xenial image build on 2017-10-26

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.19.0


#2

With well-made packages for Ubuntu (any Debian-derivative, and probably most other Linux distributions, but I have very little experience to build that on), the installation process will detect that there was an older version, and behave sensibly. I.e. upgrading and installing is basically the same task.

What you did makes sense, and I have never seen dpkg get stuck there before, so I have no good ideas on what might be wrong.


#3

Can you run sudo apt update, sudo apt upgrade and sudo apt full-upgrade?

apt install can also be used to upgrade a package, but it’s not designed to upgrade all other packages that might be important.