Update your ACME client

I would forcibly update this "problematic" entry first:

Thanks @rg305, I did want that second opinion before forcing anything. All seems good now, I was able to run all updates. Certbot looks happy too:

root@www:~# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for xyz.example.com
http-01 challenge for www.example.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/example.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@www:~#

Thanks for the help guys!

Excellent!

So by running this command:

apt-cache policy certbot | grep -i Installed

I get:

Installed : 0.17.0-2+ubuntu14.04.1+certbot+1

Is that enough to figure out how to update it?

PS
I'm 99% sure that I followed these steps to install it (2 years ago?)

If you run just apt-cache policy certbot without the grep it should tell you the actual URL of the repository it came from. But I think +certbot+1 also indicates it came from the PPA. If indeed you followed that tutorial, then it definitely installed it from the PPA.

certbot:
Installed: 0.17.0-2+ubuntu14.04.1+certbot+1
Candidate: 0.28.0-1+ubuntu14.04.1+certbot+4
Version table:
0.28.0-1+ubuntu14.04.1+certbot+4 0
500 http://ppa.launchpad.net/certbot/certbot/ubuntu/ trusty/main amd64 Packages
*** 0.17.0-2+ubuntu14.04.1+certbot+1 0
100 /var/lib/dpkg/status

Yep so you can see http://ppa.launchpad.net/certbot/certbot/ubuntu/ is the URL of the PPA, and you can also see that the latest version available from there is 0.28.

As for how to update it, I’d usually recommend the normal Ubuntu method:

sudo apt update
sudo apt full-upgrade

which will of course update all your packages, including certbot, which is usually a good thing. If for some reason you want to upgrade only the certbot packages you can do it this way.
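
The check discussed above (which version is installed, which is the candidate, and which repository the candidate comes from) can be scripted. This is an added example, not part of the original posts: the function names are hypothetical, and the sample input is the `apt-cache policy certbot` output quoted in this thread with its indentation reconstructed.

```shell
#!/usr/bin/env bash
# policy_field NAME: print the "Installed"/"Candidate" value ("Installed : x" also accepted).
policy_field() {
  awk -v key="$1" '
    $0 ~ ("^[ \t]*" key "[ \t]*:") { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# candidate_origin VERSION: print the first source listed under VERSION in the version table.
candidate_origin() {
  awk -v want="$1" '
    /Version table:/ { in_table = 1; next }
    !in_table        { next }
    $1 == "***"      { ver = $2; next }          # "***" marks the installed version
    $1 ~ /^[0-9]+$/ && $2 ~ /^(https?:|\/)/ { if ((ver "") == (want "")) { print $2; exit }; next }
    { ver = $1 }                                 # any other line names a version
  '
}

# Reads policy text on stdin. Exit status: 0 = up to date, 1 = candidate differs, 2 = not installed.
audit_policy() {
  local policy installed candidate origin
  policy=$(cat)
  installed=$(printf '%s\n' "$policy" | policy_field Installed)
  candidate=$(printf '%s\n' "$policy" | policy_field Candidate)
  origin=$(printf '%s\n' "$policy" | candidate_origin "$candidate")
  if [ -z "$installed" ] || [ "$installed" = "(none)" ]; then echo "not installed"; return 2; fi
  # String inequality only; `dpkg --compare-versions` gives real version ordering.
  if [ "$installed" = "$candidate" ]; then echo "up to date: $installed"; return 0; fi
  echo "update pending: $installed -> $candidate from ${origin:-unknown}"
  return 1
}

# Sample input taken from this thread (indentation reconstructed).
sample_policy() {
  cat <<'EOF'
certbot:
  Installed: 0.17.0-2+ubuntu14.04.1+certbot+1
  Candidate: 0.28.0-1+ubuntu14.04.1+certbot+4
  Version table:
     0.28.0-1+ubuntu14.04.1+certbot+4 0
        500 http://ppa.launchpad.net/certbot/certbot/ubuntu/ trusty/main amd64 Packages
 *** 0.17.0-2+ubuntu14.04.1+certbot+1 0
        100 /var/lib/dpkg/status
EOF
}

sample_policy | audit_policy || true   # on a live host: apt-cache policy certbot | audit_policy
```

A non-zero exit status makes this usable from cron or a monitoring check, and the printed origin shows whether the pending update comes from the repository you expect.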

I executed it. Does this mean it will auto renew next month?

Thank you very much for your time

It should (assuming your cert is due for renewal by then). If you want to be sure it will work, you can test it with:

certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/example.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges


new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/example.com/fullchain.pem



** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)


IMPORTANT NOTES:

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

Sound good? (I'm still asking because in theory an update will be required next month.)

Yep, that looks fine.

After upgrading certbot (using sudo apt-get install --only-upgrade certbot) I did the --dry-run command and got this error message:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.

What should I do?

@Pantsmaker

What was the exact command you ran? You can’t use “certbot renew --dry-run -d example.com”. You can use “certbot renew --dry-run” or “certbot renew --dry-run --cert-name example.com”.

If you have an older version of Certbot, it might be a problem if domains are specified in /etc/letsencrypt/cli.ini.

I used “certbot renew --dry-run”

I don’t think I have an older version of Certbot, since I upgraded it with apt today. There is nothing in cli.ini other than one line disabling log rotations.

(EDIT) I just tried the command again and it executed as expected. It appears that the upgrade is good.

You might have got that error if you originally typed certbot renew -dry-run with one hyphen instead of two.

Could have been. Thanks!
