Trouble updating certbot to get the --prefered-chain command (to force ISRG Root X1)


Our domains have been affected by the DST Root CA X3 expiration.

The only solution we found was to update certbot to at least 1.12 to have access to the --prefered-chain command to force ISRG Root X1.

The problem is that certbot only goes up to 0.31 with apt.

We tried snapd but it seems to not be compatible with our Ubuntu 16.04 (error: system does not fully support snapd: cannot mount squashfs image using "squashfs": mount: unknown filesystem type 'squashfs')

Same goes for pip installation, which shows errors that seems to be linked to our python version.

Any help would be appreciated to update our certbot version, like many others, our system is down and clients are waiting.

Thanks !

1 Like

Your OS is unfortunately out of support and you should plan to upgrade it. That’s not very helpful in this moment. To get around the old certbot problem, you should switch to another client that can be installed. Many people switch to in this scenario. You can read their docs and search for help on it in the forum. Please note that recently updated their default ACME server to another provider. If you want to continue using Let’s Encrypt you will need account for that when configuring.


Wouldn't the pip installation method be an option?


I don't think they're able to because python on Ubuntu 16.04 is so old.


Whoops, missed that one.


What about another ACME client?


+1 is so easy to use on any system which can run shell scripting - been using it for 5+ yrs for my integration into automated Nginx HTTPS sites generation. See GitHub - acmesh-official/ A pure Unix shell script implementing ACME client protocol

FYI, defaults to using ZeroSSL but can be switched back to Letsencrypt easily CA · acmesh-official/ Wiki · GitHub and Change default CA to ZeroSSL · acmesh-official/ Wiki · GitHub. Though with current issues and if you hit Letsencrypt rate limiting, you can just use ZeroSSL :smiley: supports preferred chain too Preferred Chain · acmesh-official/ Wiki · GitHub and soon you can set it system wide by default Setting Preferred Chain system wide? · Issue #3717 · acmesh-official/ · GitHub


9 posts were split to a new topic: Apache challenge file / redirection issue

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.