[Solved] SOP for keeping letsencrypt client up-to-date


#1

Hi guys,

I created a docker container that has nginx with letsencrypt built-in. It is running on ubuntu. Letsencrypt is cloned from the git repo. I have a couple of questions about how to properly update it.

I have been running a cron script every night that does the following:
git pull (to update the local files)
letsencrypt-auto -h (to let the script update its dependencies)
figure out the age of the certs, if older than 60 days, renew using letsencrypt-auto, if not, do nothing

The above was working fine until yesterday, when the letsencrypt-auto script got updated to 0.5.0. Now, git pull is giving errors due to a locally modified file (letsencrypt-auto).

What is the best protocol for keeping letsencrypt client up-to-date?

Thanks


#2

@bmw, can you take a look?


#3

@aptalca, what happened here is that letsencrypt-auto is self-updating. That is, letsencrypt-auto will modify itself as updates become available. This is what is causing the problems with git pull.

The best way to keep letsencrypt up to date is simply to run letsencrypt-auto. All other files from our GitHub page are unused by the script.

When we release a new version of letsencrypt-auto and you run your local copy, letsencrypt-auto will download the update and overwrite itself with the new version. Additionally, all Python packages required by letsencrypt will be updated as well.

Additionally, I believe I can simplify your renewal setup. The client has a subcommand called renew that renews your certificates only if they are within 30 days from expiration. Documentation on this flag can be found here.
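
An added example (not from the thread or the Let's Encrypt project) of the nightly job this answer leads to: no `git pull`, one `letsencrypt-auto renew` call, and an nginx reload only when the certificate file actually changed. The install path, the certificate path with its `example.com` placeholder, and the reload command are assumptions.

```shell
#!/bin/sh
# Added example: nightly renewal wrapper for a container running nginx + letsencrypt-auto.
# Assumed (not from the thread): the paths below and the nginx reload command.
LE_AUTO="${LE_AUTO:-/opt/letsencrypt/letsencrypt-auto}"
CERT="${CERT:-/etc/letsencrypt/live/example.com/fullchain.pem}"
RELOAD="${RELOAD:-nginx -s reload}"

# Print a checksum of the certificate file, or "missing" if it does not exist.
cert_sum() {
    if [ -f "$1" ]; then cksum < "$1"; else echo missing; fi
}

# Run "<client> renew" and reload the web server only if the certificate changed.
# Returns 0 = renewed and reloaded, 1 = renew or reload failed, 2 = nothing was due.
renew_and_reload() {
    before=$(cert_sum "$CERT")
    # No "git pull" here: letsencrypt-auto updates itself when it runs.
    if ! "$LE_AUTO" renew; then
        echo "renew failed; leaving nginx untouched" >&2
        return 1
    fi
    after=$(cert_sum "$CERT")
    if [ "$before" = "$after" ]; then
        return 2
    fi
    $RELOAD || return 1
    return 0
}

# Cron entry point: only runs when the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    rc=0
    renew_and_reload || rc=$?
    # Exit 0 unless renew or reload failed, so cron only reports real errors.
    [ "$rc" -ne 1 ]
    exit $?
fi
```

Called from cron with `--run`, the script exits non-zero only when the renew or the reload fails, so a night with nothing due stays silent.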


#4

Thanks so much for the info.

So I take it I can remove the git pull step and just rely on the auto script updating itself. I’ll make that change.

One question I have is, does one still need to clone the git repo initially (during first install), or would just pulling the auto script alone be sufficient?

The renew flag looks excellent. I’ll look into adopting it.

Thank you.


#5

Glad I could help!

Since early February, downloading letsencrypt-auto by itself is sufficient.

