Snapd does not working - reboot into a 4.4 kernel necessary

My domain is:
www.pfeiffer-koberstein-immobilien.de
I ran this command:
sudo snap install --classic certbot
It produced this output:
error: system does not fully support snapd: you need to reboot into a 4.4 kernel to start using
snapd

My web server is (include version):
Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version):
Linux Kernel version 3.13.0-79-generic

My hosting provider, if applicable, is:
Strato root server
I can login to a root shell on my machine (yes or no, or I don't know):
yes

Hello,
I try to install certbot for using let's encrypt, but after installing snapd, i got this error, when I try to install certbot:
sudo snap install --classic certbot
error: system does not fully support snapd: you need to reboot into a 4.4 kernel to start using
snapd
My Questions:

how can I solve this problem? it seems to be a bigger thing, and I don't want to break our system.
is it possible, to install certbot without snap, in a normal way, for example with
sudo apt install certbot?

Thanks for your help
iksmax

1 Like

Which Ubuntu version is that, what you're running?

1 Like

Ubuntu 14.04.4 LTS, trusty

Ubuntu 14.04 is end of life for more than 2 years now.

1 Like

yes I know, but upgrading to 16.04 has greater consequences to our mysql database scripts, mysql to mysqli,

Which is of course something that should have been done already.

Anyway, I don't think Ubuntu 14.04 is supported by certbot, but you might have some luck with the "pip" instructions on the certbot website.

1 Like

that's PHP 5 thing not ubuntu 14 thing, update Ubuntu all the way to 20.04 and install php 5.6 from ppa.
https://prototype.php.net/versions/5.6/install/ubuntu_ppa

not that php5 on internet is good idea though

1 Like

I think the general advice around trying to get a certificate on older systems is to use a different client with minimal dependencies, like something in the client list using Bash or Go.

But if your system isn't getting security updates, it's not like adding a certificate would suddenly make anything "secure". It may just give your users a false sense of security.

2 Likes

thanks for your answers, snap does not work because i need kernel 4.4 instead of 3.13.
It's a running server, LAMP System, ubuntu server version, php PHP 5.5.9,
... I've another idea, .. i have a local machine with
snap 2.48.3 ubuntu 16.04, kernel 4.4.0-203-generic

So, i could install certbot on this machine, there generating the certificates without --apache option, and transfering these certificates to the other server, where I save the certifcates in the correct directory corresponding to the apache virtual hosts configuration.
Is this possible? I cannot see any problems.

It's possible to issue certificates on different hosts than the actual server, but keep in mind there is a challenge to be validated. So it depends on the setup of your servers if it's easy to do. Also, keep in mind that Let's Encrypt advocates automated certificate renewal, so it's recommended to somehow automate the transfer of the certificate at renewal and all the things that come with it, such as reloading the webserver or other services using the certificate.

It's probably easier to use the pip method of installing certbot. If you keep the vulnerable server around anyway, it doesn't really make a difference running certbot on a different host.

You say this server runs MySQL, OK.
If that database can be pushed back, and away from direct Internet access, you might buy this system a bit more lifetime.
I would put in another, more secure system, in the path; And use it to serve the Internet public - while using the database on the older system as only accessible from this newer system.

[but I am known to be of the paranoid type]

You should get your certificate on a different host (using DNS validation) then copy the certificate files to the destination host on each renewal (and restart required services). If the rest of the system is also quite old you should consider a reverse proxy back to this service to protect it from the most malicious traffic.

Regarding the system age (off-topic), if you can't get support from Ubuntu then nobody else can help you either. If this system matters to your business then migrating or retiring this system should be your number one priority. You either need to shut it down, migrate it, or re-develop it and if it's not your call then it's not something you can reasonably support either. I can see it's also an old website/application in general (I'm guessing the code for this was built up to 20 years ago?), so someone needs to decide what happens next. The biggest risk with older web based systems is that the site simply gets hacked and data is either lost or leaked.

1 Like

thanks for your answers, ..
We usually renew our LAMP system when ordering a new root server and this will soon be the case, ... for security reasons we're working with VPN, virus programs and traffic monitoring,
petercooperjr had a good tip, so I implemented getssl, a simple bash script on the ssh console, and it works very well, there you can generate the certificates locally and load them onto the server via ssh,I prefer this approach, as the CA should be offline for security reasons, so we do for vpn

2 Likes