Update your ACME client


#1

I received an email telling me that I need to update your ACME client

My domains are: www.valleonabogados.com www.tacholab.es www.asesoriaadr.com www.robkey.es

My web server is (include version): HP
The operating system my web server runs on is (include version): Ubuntu 16.04
Apache/2.4.18 (Ubuntu)
PHP Version 7.0.32-0ubuntu0.16.04.1
ACME client: certbot

What do I have to do to change the validation method to HTTP-01, DNS-01 or TLS-ALPN-0?


#2

What ACME client are you using? What version? How did you install it?


#3

Same question here. I just followed the steps on the website to install the certificates. I have no idea what an ACME client is and how to change it. Is there a document giving the procedure?


#4

Hi @JScarry

which website? There are some sites who offer Letsencrypt certificates.

If you upload a validation file manual, then you use http validation.


#5

I am in the same boat, but I remember more I think. So originally there was a client called LetsEncrypt. Then we were instructed to switch it to CertBot. So what do we need to do for CertBot.


#6

Certbot
To install it I followed the following steps

Thanks


#7

Hi @joshk03

Client Letsencrypt = Client Certbot = Client Certbot-auto

It’s all the same, only different names.


#8

It was a while ago and the website was the one sponsored by EFF. I think it is now at certbot.eff.org.


#9

Same situation,

I setted up with Certbot more than a year a go and I recived this notification,

“You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.”

What steps shall I follow with Ubuntu with apache? Shall I just repeat the process @ https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache ?

Thanks


#10

If you installed Certbot from the PPA (sudo add-apt-repository ppa:certbot/certbot etc) then you can update it in the usual Ubuntu way:

sudo apt-get update
sudo apt-get full-upgrade

If you installed it from the Ubuntu repositories, you can follow the instructions on https://certbot.eff.org to get an up-to-date version.

If you installed certbot-auto (or letsencrypt-auto), it should update itself automatically when you run it.


#11

And how we could update only Certbot?


#12

I haven’t tried it myself as I normally update everything :slight_smile: but according to this you can update a single package with:

sudo apt-get install --only-upgrade <packagename>

Note that you may need to update some other packages as well as certbot itself e.g. the apache/nginx plugins.


#13

and how <packagename> would look using previous versions of certbot?


#14

Again, there are a few, and the exact names may depend on your operating system version but certbot is one, and names like python3-certbot and python3-certbot-apache etc. Try apt search certbot for the full list (though you might not have them all installed). If it’s old enough to be named letsencrypt, then you should really switch to using the PPA.


#15

Assuming I don’t recall the exact command I used to install it years ago, how do I get you the info you need offer the advice I need?
I have the folder etc/letsencrypt, but I get the feeling that doesn’t tell us anything.


#16

apt list --installed
yum list installed

or grep that output for certbot or letsencrypt
[may require sudo]


#17

Also you can just try running certbot --version, letsencrypt --version, certbot-auto --version etc, see which one works.

apt policy certbot
may be helpful, if you installed a package but you’re not sure whether you used the PPA or not

In your particular case @joshk03, it seems you did use the PPA :wink:


#18

Good find on that old post, however I have two servers, and don’t know which one I was posting about back then.

root@www:~# certbot --version
certbot 0.26.1
root@www:~# letsencrypt --version
certbot 0.26.1
root@www:~# certbot-auto --version
certbot-auto: command not found

root@www:~# apt list --installed

python3-acme/now 0.26.0-1+ubuntu16.04.1+certbot+1 all [installed,upgradable to: 0.28.0-1+ubuntu16.04.1+certbot+3]

python3-certbot/now 0.26.1-1+ubuntu16.04.1+certbot+2 all [installed,upgradable to: 0.28.0-1+ubuntu16.04.1+certbot+4]

python3-certbot-apache/now 0.25.0-2+ubuntu16.04.1+certbot+1 all [installed,upgradable to: 0.28.0-1+ubuntu16.04.1+certbot+3]


#19

Not sure if you use all three but looks like all three can be upgraded.
Try:
apt-get install --only-upgrade python3-acme python3-certbot python3-certbot-apache


#20

So I SSH…

85 packages can be updated.
41 updates are security updates.

Oh no, why is unattended upgrades broken?..

root@www:~# apt-get update && apt-get upgrade
Hit:1 http://mirrors.digitalocean.com/ubuntu xenial InRelease
Hit:2 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease
Hit:3 http://mirrors.digitalocean.com/ubuntu xenial-updates InRelease
Hit:4 http://mirrors.digitalocean.com/ubuntu xenial-backports InRelease
Hit:5 http://mirrors.digitalocean.com/ubuntu xenial-security InRelease
Reading package lists… Done
Reading package lists… Done
Building dependency tree
Reading state information… Done
You might want to run ‘apt-get -f install’ to correct these.
The following packages have unmet dependencies:
udev : Depends: libudev1 (= 229-4ubuntu21.9) but 229-4ubuntu21.8 is installed
E: Unmet dependencies. Try using -f.
root@www:~#

**!!..

root@www:~# apt-get install --only-upgrade python3-acme python3-certbot python3-certbot-apache
Reading package lists… Done
Building dependency tree
Reading state information… Done
You might want to run ‘apt-get -f install’ to correct these:
The following packages have unmet dependencies:
certbot : Depends: python3-certbot (= 0.26.1-1+ubuntu16.04.1+certbot+2) but 0.28.0-1+ubuntu16.04.1+certbot+4 is to be installed
python3-certbot : Depends: python3-ndg-httpsclient but it is not going to be installed
udev : Depends: libudev1 (= 229-4ubuntu21.9) but 229-4ubuntu21.8 is to be installed
E: Unmet dependencies. Try ‘apt-get -f install’ with no packages (or specify a solution).
root@www:~#

AHHH