Properties that return a naïve datetime object have been deprecated

Hello Letsencrypt community

my system: Debian GNU/Linux 11 (bullseye)

When I "sudo certbot renew", I obtain the following message:
"Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc."

When I do "sudo apt upgrade certbot", it shows some updates:
"certbot python3-acme python3-certbot python3-configargparse python3-icu python3-josepy python3-openssl python3-parsedatetime python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface"

Do I need to apply these updates, and will it resolve the "naïve datetime object have been deprecated" message/problem!?

Thank you,
LOD

1 Like

The proper way to install (and update / upgrade) Certbot can be found here https://certbot.eff.org/

Moving from Issuance Tech to Help

3 Likes

Hey Bruce,
Here is what I obtain after the upgrade; when I "sudo certbot renew", it gives me the following message/error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/lodweb.ovh.conf


Attempting to parse the version 2.11.0 renewal configuration file found at /etc/letsencrypt/renewal/lodweb.ovh.conf with version 1.12.0 of Certbot. This might not work.
Cert not yet due for renewal
Could not choose appropriate plugin for updaters: Could not select or initialize the requested installer apache.


The following certificates are not due for renewal yet:
/etc/letsencrypt/live/lodweb.ovh/fullchain.pem expires on 2024-12-16 (skipped)
No renewals were attempted.


What about this red-message Could not choose appropriate plugin for updaters: Could not select or initialize the requested installer apache.!?

When I do "sudo apt upgrade certbot",

You're trying to use the distribution packages of Certbot, which have been deprecated and unsupported for many years.

It looks like somehow your installation attempts downgraded from 2.11 (Jun 6, 2024) to 1.12 (Feb 2, 2021). The 1.12 is the debian package version. I'm not sure how you got 2.11 installed though. Is it possible you imported this config file from another machine and never had 2.11?

Your easiest fix is probably to uninstall the certbot package, then follow the instructions on the link @Bruce5051 provided to install the snapd version. An alternative would be doing a PIP install from that same link, though that is not recommended unless you are familiar with Python.

4 Likes

Thank you JVanasco; in fact I've installed certbot via snap, but as I'd seen the message in the topic, I searched and found an upgrade on apt, and applied it; now the new error. OK, I'll try to uninstall the certbot package and install certbot via snap over the already installed version.

Removed all certbot package;
then sudo snap install --classic certbot
gives: snap "certbot" is already installed, see 'snap help refresh'
sudo snap refresh certbot
gives: snap "certbot" has no updates available

1 Like

Double-check that you did not skip step 3 of snap install. Also step 5

3: Remove certbot-auto and any Certbot OS packages

5 Likes

Removed certbot-auto and any Certbot OS packages, done;
then sudo ln -s /snap/bin/certbot /usr/bin/certbot
and sudo certbot --apache
It asks which names to activate for https, but only gives me 1: choice (lodweb.ovh) when I also need www.lodweb.ovh
I can't remember the way I've done it in the past!? Something like:
sudo certbot certonly --apache -d lodweb.ovh -d www.lodweb.ovh
???
So I've done that, and kept the existing cert: Certificate not yet due for renewal; no action taken
in root: certbot renew, gives no error :slight_smile:
TY all, it seems ok!

1 Like

Probably because you did not have a ServerAlias for that www subdomain in your Apache VirtualHost :slight_smile:

You should review output of this

sudo apache2ctl -t -D DUMP_VHOSTS

Also, what does this say

sudo certbot certificates
3 Likes

sudo apache2ctl -t -D DUMP_VHOSTS
gives:
*:80 vps-0c498486.vps.ovh.net (/etc/apache2/sites-enabled/000-default.conf:1)
*:443 lodweb.ovh (/etc/apache2/sites-enabled/000-default.conf:35)

sudo certbot certificates
gives same message as topic:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
/snap/certbot/4182/lib/python3.12/site-packages/certbot/ocsp.py:238: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.
if not response_ocsp.this_update:
/snap/certbot/4182/lib/python3.12/site-packages/certbot/ocsp.py:240: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc.
if response_ocsp.this_update > now + timedelta(minutes=5):
/snap/certbot/4182/lib/python3.12/site-packages/certbot/ocsp.py:242: CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to next_update_utc.
if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):


Found the following certs:
Certificate Name: lodweb.ovh
Serial Number: 4d560ecb60715ae4bd32ce0a3403b8b5b7c
Key Type: RSA
Domains: lodweb.ovh www.lodweb.ovh
Expiry Date: 2024-12-16 08:52:04+00:00 (VALID: 38 days)
Certificate Path: /etc/letsencrypt/live/lodweb.ovh/fullchain.pem
Private Key Path: /etc/letsencrypt/live/lodweb.ovh/privkey.pem

Seen from here CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc. if not response_ocsp.this_update: · Issue #9967 · certbot/certbot · GitHub

snap list certbot --all
certbot 2.11.0 3834 latest/stable certbot-eff✓ disabled,classic
certbot 3.0.0 4182 latest/stable certbot-eff✓ classic

Do I do that also?
"We are temporarily working around this issue by rolling the snap back using..."
sudo snap revert certbot --revision 3834

It does not look like you setup a VirtualHost for port 80 that had your domain name in it.

Please show contents of this file and we can sort this out.

As for the cryptography warning, I don't know about that. You'll have to wait for another volunteer here or ask on the EFF's github for Certbot (they are the developers): Issues · certbot/certbot · GitHub

Are you sure you are running the snap version though? What does this say

sudo certbot --version
2 Likes

Thank you Mike,
I reverted to the previous certbot: "certbot reverted to 2.11.0"
and sudo certbot renew is working again without an error message!

1 Like

You should report that on the Certbot github. You still have a problem with your Apache config though. Do you want to repost that file?

2 Likes

thank you Mike
here is my Apache config, which has been working well for months, but if you think it can be improved, of course tell me:

<VirtualHost *:80>
2 # The ServerName directive sets the request scheme, hostname and port that
3 # the server uses to identify itself. This is used when creating
4 # redirection URLs. In the context of virtual hosts, the ServerName
5 # specifies what hostname must appear in the request's Host: header to
6 # match this virtual host. For the default virtual host (this file) this
7 # value is not decisive as it is used as a last resort host regardless.
8 # However, you must set it for any further virtual host explicitly.
9 #ServerName www.example.com
10
11 ServerAdmin webmaster@localhost
12 DocumentRoot /var/www/html
13
14 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
15 # error, crit, alert, emerg.
16 # It is also possible to configure the loglevel for particular
17 # modules, e.g.
18 #LogLevel info ssl:warn
19
20 ErrorLog ${APACHE_LOG_DIR}/error.log
21 CustomLog ${APACHE_LOG_DIR}/access.log combined
22
23 # For most configuration files from conf-available/, which are
24 # enabled or disabled at a global level, it is possible to
25 # include a line for only one particular virtual host. For example the
26 # following line enables the CGI configuration for this host only
27 # after it has been globally disabled with "a2disconf".
28 #Include conf-available/serve-cgi-bin.conf
29 RewriteEngine On
30 RewriteCond %{HTTPS} !=on
31 RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
32 RewriteCond %{SERVER_NAME} =lodweb.ovh
33 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
34 </VirtualHost>
35 <VirtualHost *:443>
36 ServerAdmin webmaster@localhost
37 DocumentRoot /var/www/html
38 ErrorLog ${APACHE_LOG_DIR}/error.log
39 CustomLog ${APACHE_LOG_DIR}/access.log combined
40 SSLEngine on
41 ServerName lodweb.ovh
42 SSLCertificateFile /etc/letsencrypt/live/lodweb.ovh/fullchain.pem
43 SSLCertificateKeyFile /etc/letsencrypt/live/lodweb.ovh/privkey.pem
44 Include /etc/letsencrypt/options-ssl-apache.conf
45 </VirtualHost>
1 Like

Well, it wasn't and isn't working well for your www subdomain. Because you don't have a VirtualHost for port 80 with either of your domain names Apache selects the first VHost to process those. Which is fine if you only ever have one even though it is not good practice.

Certbot won't know what names to pick because they aren't listed. Which is a problem you had.

After these lines

<VirtualHost *:80>
...
9 #ServerName www.example.com

add

ServerName lodweb.ovh
ServerAlias www.lodweb.ovh

And after these

<VirtualHost *:443>
...
41 ServerName lodweb.ovh

Add the ServerAlias for www.lodweb.ovh like shown above

I'd guess at one time your HTTP->HTTPS redirects did not work properly either. Because you have two different styles of redirects. The end result is they work now but the below would be clearer (maybe not but what you have is unusual).

RewriteEngine On
RewriteCond %{SERVER_NAME} =lodweb.ovh [OR]
RewriteCond %{SERVER_NAME} =www.lodweb.ovh
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
3 Likes
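
The check described in the reply above, as an added example that is not part of the original thread and not Certbot's or Apache's own code: it compares the names on the certificate with the ServerName/ServerAlias entries each VirtualHost declares, per port. The config is a constructed reduction of the posted file, the function names are hypothetical, and the parser is simplified (it assumes the `address:port` form of `<VirtualHost>`).

```python
import re
from fnmatch import fnmatch

# Constructed sample: the thread's 000-default.conf reduced to the lines that matter.
SAMPLE_CONF = """\
<VirtualHost *:80>
    #ServerName www.example.com
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
    ServerName lodweb.ovh
    SSLEngine on
</VirtualHost>
"""
# Domains line from the `certbot certificates` output in the thread.
CERT_DOMAINS = ["lodweb.ovh", "www.lodweb.ovh"]


def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: port, opening line, declared names."""
    vhosts, current = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment (a commented ServerName does not count)
        opened = re.match(r"<VirtualHost\s+\S*?:(\d+)", raw.strip(), re.I)
        if opened:
            current = {"port": int(opened.group(1)), "line": lineno, "names": []}
        elif parts[0].lower() == "</virtualhost>" and current:
            vhosts.append(current)
            current = None
        elif current and parts[0].lower() in ("servername", "serveralias"):
            # ServerName may carry a scheme and port; keep only the hostname.
            current["names"] += [re.sub(r"^\w+://|:\d+$", "", n).lower() for n in parts[1:]]
    return vhosts


def uncovered_names(conf_text, cert_domains):
    """Map each listening port to the certificate names no vhost on it declares."""
    patterns = {}
    for vhost in parse_vhosts(conf_text):
        patterns.setdefault(vhost["port"], []).extend(vhost["names"])
    return {
        # ServerAlias accepts * and ? wildcards, so match with fnmatch.
        port: [d for d in cert_domains if not any(fnmatch(d, p) for p in names)]
        for port, names in patterns.items()
    }


if __name__ == "__main__":
    for port, names in sorted(uncovered_names(SAMPLE_CONF, CERT_DOMAINS).items()):
        print(f"port {port}: not declared by any vhost: {names or 'none'}")
```

An empty list for every port means each certificate name is declared on that port, which is the state the suggested ServerName and ServerAlias lines produce.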

This is already reported on Github, with it seems to me, nothing else to do than to revert to the previous version 2.11.0.

1 Like

That report was for a pip install. You are using snap. I am pretty sure snap is supposed to be self-contained to avoid these kinds of problems. I am not a snap / pip wizard though.

3 Likes

At the end of the Github post CryptographyDeprecationWarning: Properties that return a naïve datetime object have been deprecated. Please switch to this_update_utc. if not response_ocsp.this_update: · Issue #9967 · certbot/certbot · GitHub they talk also about snap!?

1 Like

We should look at the renewal config file:

2 Likes

Done, thanks a lot for these modifications; all seems to work after Apache restart.