Using acme.sh; should I remove certbot


#1

I had my first unattended (by me) cert update using acme.sh. Untouched by human hands! That is the good news. I did a yum update and noticed certbot was updated. I then had to instruct my email reader to trust my certs again, though the date of the cert wasn’t changed.

Should I remove certbot? I did a search on the acme.sh bash script and didn’t see a mention of certbot, but I am posting here to be sure.

3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


#2

If you mean to imply “Am I required to remove certbot if using acme.sh?”, (Unless things have changed recently) I don’t think they are in any way “related”, nor do they “overlap” each other - so they can co-exist without concern.
I would cron one or the other (not both) or you will end up issuing new certs twice.

I have test systems with both and both Apache and NGINX - without any issues (related to each other).


#3

This most likely indicates a misconfiguration of your mail server software or cert, as you should ever have to do this if both are correctly configured.

But as to the subject of the thread, having certbot installed won’t hurt anything other than taking a little disk space, but I wouldn’t think there’s any real reason to keep it either.


#4

I moved from certbot to acme.sh under Ubuntu 18.04, with good results.

I removed the certbot
with the package manager, which failed to remove the systemd timers so you might
want to be sure to remove the left-over junk in /etc/systemd if you delete certbot.

acme.sh depends on cron, which seems more than reasonable to me.

I do find systemd to be a bit of a burden. There is such a thing as software
being way too smart for its own good.

73 de Bill W5GFE


#5

Well I have nothing in /etc/systemd/system/ for certbot. I did a yum remove and it looks safe.

Running transaction
  Erasing    : python2-certbot-nginx-0.27.1-1.el7.noarch                                                         
1/2 
  Erasing    : certbot-0.29.1-1.el7.noarch                                                                       
2/2 
  Verifying  : certbot-0.29.1-1.el7.noarch                                                                       
1/2 
  Verifying  : python2-certbot-nginx-0.27.1-1.el7.noarch                                                         
2/2 

Removed:
  certbot.noarch 0:0.29.1-1.el7                                                                                      

Dependency Removed:
  python2-certbot-nginx.noarch 0:0.27.1-1.el7                                                                        

Complete!

Nothing seen for certbot in when running crontab -e. This is what is entered for acme:

42 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

Well lets see what happens when the automatic renewal comes.


#6

For future reference:
crontab -l
should list the contents


closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.