Using LetsEncrypt on an outdated Linux OS

Hi,

Currently, I have LetsEncrypt installed on CentOS 9 Stream, using Snap. DigitalOcean is my VPS provider.

I see CentOS 9's support will end in May 2027. There is no option for me to upgrade to CentOS 10. Hence I might use CentOS 9 for one or two more years after its EOL.

My question is: will LetsEncrypt via Snap work on an outdated OS? How many more years can I use it?

Will there be any issue?

Thanks

Alma 9 will be supported until 2032; can you upgrade to that?
Anyway, letsencrypt is the old name, and you should install the snap as certbot nowadays:

3 Likes

You can run any ACME client you like, as long as you provide the dependencies it needs.

Let’s Encrypt/ISRG provides a long list of ACME clients.

If you find a client that is statically compiled it has a good chance of working right out of the box, even on an old distro. I would try Lego.

You might not find an RPM for it, but if not you can just copy the single binary to the server, using curl, wget, rsync, scp or whatever method you prefer.

2 Likes

I recommend AlmaLinux over CentOS Stream; you could consider their migration tool.

1 Like

I assume you mean you use Certbot via Snap. Let's Encrypt does not offer an ACME Client (it is an ACME Server). The EFF manages Certbot. For an official reply you should ask at the EFF's github for Certbot: GitHub - certbot/certbot: Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

The EFF developers sometimes comment in this forum, but mostly they reply on their GitHub or Mattermost.

My personal opinion is that it will be difficult to answer your question of "Will there be any issue?". It is difficult to predict how software will behave in 2 years as systems lose support. I agree using something like lego might give better predictability.

2 Likes

It is impossible to tell. The Snaps will eventually not update at some point in time - the snapd client will lose updates for your platform, the snap builds will require newer snap systems (certbot requires a newer snap), the dependency snaps might lose updates too (i.e. certbot requires a newer python, but that's not available in snap).

There may also be situations where there are TLS deprecations (protocol, cipher) and your system can't communicate with newer options.

With the exception of replacing ACME v1 with ACME v2 (the RFC), Let's Encrypt server updates have been mostly backwards compatible. There have been a few instances where features were turned off or replaced, but that did not affect most clients because they were just implementation details (not part of the RFC).

Chances are things will still work.

If they don't, the two options are:

  • Grab certs via DNS-01 on another machine, deploy them onto your server.
  • Run your machine behind another serving as a gateway that handles all the TLS stuff; this is popular for legacy systems and can usually run on the cheapest $5/month virtual instance.
3 Likes
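The first fallback above (issue via DNS-01 on a supported machine, then copy the files to the legacy server) leaves the deploy half as an exercise. The script below is an added example, not code from this thread or from any ACME client: it is the receiving side on the legacy box, which only needs a working `openssl` binary. It checks that the copied certificate and private key actually belong together, refuses material that is about to expire, installs the files atomically with a 0600 key, and runs an optional reload hook. The destination directory, file names, `RELOAD_CMD` variable and the `legacy.example.test` sample name are assumptions; the sample key pair is a throwaway self-signed one generated locally so the script runs offline, standing in for whatever the DNS-01 run on the other machine produced.

```shell
#!/bin/sh
# Receiving side of "get certs elsewhere via DNS-01, copy them to the legacy server".
# Added example, not from the original post. Only depends on openssl + coreutils.
set -eu

# Return 0 if the certificate's public key equals the private key's public half.
# Catches the classic mistake of copying a renewed cert but the previous key.
cert_matches_key() {
    cert="$1"; key="$2"
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# Return 0 if the certificate is still valid for at least $2 days (default 7).
# openssl -checkend exits non-zero when the cert expires within the window.
cert_valid_for_days() {
    cert="$1"; days="${2:-7}"
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# Validate, then install atomically under $3 (hypothetical layout: fullchain.pem + privkey.pem).
# Files are created with their final mode via install(1), so the key is never world-readable,
# and renamed into place so a reader never sees a half-written file.
install_cert() {
    cert="$1"; key="$2"; dest="$3"
    cert_matches_key "$cert" "$key" || { echo "refusing: cert/key mismatch" >&2; return 1; }
    cert_valid_for_days "$cert" 7   || { echo "refusing: cert invalid or expires within 7 days" >&2; return 1; }
    mkdir -p "$dest"
    install -m 0644 "$cert" "$dest/fullchain.pem.new"
    install -m 0600 "$key"  "$dest/privkey.pem.new"
    mv "$dest/fullchain.pem.new" "$dest/fullchain.pem"
    mv "$dest/privkey.pem.new"   "$dest/privkey.pem"
    # Assumed hook, e.g. RELOAD_CMD="systemctl reload nginx"; unset means "install only".
    if [ -n "${RELOAD_CMD:-}" ]; then $RELOAD_CMD; fi
}

# Constructed sample input: a throwaway self-signed pair valid for $2 days.
# NOT Let's Encrypt material; it only stands in for the files scp'd from the issuing machine.
make_sample_pair() {
    dir="$1"; days="$2"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" \
        -days "$days" -subj "/CN=legacy.example.test" >/dev/null 2>&1
}

# Stand-alone run: install a good pair, then show the mismatch check rejecting a swapped key.
if [ "${1:-}" = "demo" ]; then
    T=$(mktemp -d)
    make_sample_pair "$T/good" 90
    make_sample_pair "$T/other" 90
    install_cert "$T/good/fullchain.pem" "$T/good/privkey.pem" "$T/dest" && echo "installed to $T/dest"
    install_cert "$T/good/fullchain.pem" "$T/other/privkey.pem" "$T/dest" || echo "swapped key rejected"
    rm -rf "$T"
fi
```

In practice the issuing machine would `scp -p` the renewed `fullchain.pem`/`privkey.pem` into a staging directory on the legacy host and then invoke `install_cert` on them; keeping the mismatch and expiry checks on the receiving side means a broken renewal job upstream leaves the old, still-valid files in place instead of taking the service down.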
