Which version of Python is needed for Let's Encrypt

In the official blog of Let's Encrypt, Get Certbot — Certbot 1.30.0 documentation, it says it needs Python version 3.7+.

I am running a CentOS 8 system. I have Python version 3.6.8. Still, I was able to install Let's Encrypt. Will there be an issue in the future? Will I have to update Python?

Thanks

Depending on HOW you've installed Certbot, you're either not running the most up-to-date version OR have used "snap" to install the most recent version, which comes with its own built-in Python.

Running sudo certbot --version should present the version installed.

4 Likes

Thanks for your reply. After running the command, I am getting this.

certbot 1.22.0

Is this the latest version? I don't know about snap. I installed certbot using the tutorial from How To Secure Nginx with Let's Encrypt on CentOS 8 | DigitalOcean

Thanks

1 Like

The latest version is 1.30.0, so 1.22.0 is not up to date.

On https://certbot.eff.org/ you can find the recommended method of installing Certbot.

4 Likes

Is running the latest version absolutely necessary? For how long will version 1.22.0 work? It is working fine at the moment.

You can view Certbot's up-to-date changelog here: certbot/CHANGELOG.md at master · certbot/certbot · GitHub

4 Likes

Thanks.
In the URL you mentioned, Certbot Instructions | Certbot, it is showing 2 methods: 'Default' & 'WildCard'. What is the difference?

Wildcard means wildcard subdomains?

Correct. The default tab is just for regular certificates without a wildcard hostname. As the wildcard certificates can only be issued using the dns-01 challenge for the wildcard hostnames, it often requires additional (DNS) plugins, which is mentioned on the Wildcard tab.

5 Likes

Thanks for your reply.

I was unable to install Certbot with 'snap'. Is there another way to install the latest version of Certbot without using snap?

Thanks

1 Like

Not sure about "latest". Using pip (in a virtual environment!) is a "second best", but relies on the locally installed Python. So if your Python is too old, I don't think you'd get the latest version.

Depending on your requirements you can either choose to have an older version or use snap.

Note that sometimes people are running 0.40.0 or even older here on the Community. While we advise upgrading, this is often not possible (or people won't put in the effort) and usually it works nonetheless.

5 Likes

There are also ACME clients other than Certbot that don't rely on Python at all.

7 Likes

Thanks Osiris.

I was able to install Python version 3.9.13

I am using a VPS server (CentOS 8 Stream).

Can you point me to a tutorial on how to install using pip?

Thanks.

1 Like

The certbot instruction generator you've used earlier has a "Pip" option as system.

4 Likes

Thanks Osiris. I have one more query.

I have a domain (say example.com). Also a subdomain, (app.example.com).

I need 4 certificates, for

  1. example.com
  2. www.example.com
  3. app.example.com
  4. www.app.example.com

Do I need to enable wildcard certificates (I know it takes more steps), or can I individually get 4 certificates?

Will the certificate for app.example.com work with www.app.example.com too, or do I need separate certificates?

Thanks

1 Like

You can get a single certificate with up to 100 different hostnames. A subdomain counts just as a hostname, so you could include all 4 hostnames and have room for 96 more. No wildcard cert required.

A certificate for just app.example.com will NOT work for www.app.example.com (although some browsers, Chrome I believe, do actually accept a cert without the www subdomain for hosts with the www subdomain).

See above.

5 Likes
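The coverage rule described in the reply above, as an added example that is not part of the original thread or of Certbot: a name is served only by an exact SAN entry or by a wildcard standing for exactly one leftmost label. The function names are hypothetical; the hostnames are the ones from the question.

```python
# Added example: which hostnames does a certificate's SAN list actually cover?
MAX_NAMES = 100  # per-certificate hostname limit quoted in the reply above

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(san, host):
    """True if one SAN entry covers host. A wildcard is honoured only as the
    entire leftmost label and stands for exactly one label."""
    s, h = labels(san), labels(host)
    if len(s) != len(h):
        return False          # "*." never spans more than one label
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h

def uncovered(sans, hosts):
    """Return the hosts that no SAN entry covers, in input order."""
    if len(sans) > MAX_NAMES:
        raise ValueError("more than %d names on one certificate" % MAX_NAMES)
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# The four hostnames from the question.
WANTED = ["example.com", "www.example.com",
          "app.example.com", "www.app.example.com"]

if __name__ == "__main__":
    candidates = {
        "app.example.com only": ["app.example.com"],
        "wildcard only": ["*.example.com"],
        "all four names": WANTED,
    }
    for title, sans in candidates.items():
        missing = uncovered(sans, WANTED)
        print("%-22s missing: %s" % (title, ", ".join(missing) or "none"))
```

A wildcard for `*.example.com` still leaves the bare domain and the two-level `www.app.example.com` uncovered, which is why listing all four names on one certificate is the simpler route here.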

Thanks Osiris.
I have one more question. In the crontab file, do I have to use it like this?

0 0 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --quiet

(with the python command), or can I simply use it like this?

0 4 * * * certbot renew --quiet

In the tutorials, it is shown using python. Does it have to be done that way? What is the reason?

Thanks

1 Like

You want to include some kind of random delay instead of always starting at the exact same time.

7 Likes

Thanks rg305. Why would I need this? Can I start at an exact time? Is there any problem with that? Or can I use both commands?

Right now, I am using both commands. Is there any problem with that?

Here is part of the reason: Brief overloads at midnight UTC (a request for help!)

7 Likes