Your system is not supported by certbot-auto anymore

yeah. time to look for a lean ACME client I can trust instead of continuing to use that bloated stuff.

1 Like

There you can see the changes made to the script, including the ArchLinux part which is triggered by the existance of /etc/arch-release.

It would be very easy to revert to the working version: https://raw.githubusercontent.com/certbot/certbot/7f0fa18c570942238a7de73ed99945c3710408b4/letsencrypt-auto-source/letsencrypt-auto

(it still has the very ancient name letsencrypt-auto, but it's the same script as certbot-auto)

2 Likes

I've often wondered why certbot seems to have such heavy requirements compared to a similar functionality in acme.sh...

2 Likes

Well, some might call certbot bloated, other might call it "feature rich". In any case it depends highly on a lot of Python dependencies. I'm not an expert enough to judge that though. What I can say is that certbot has more features than acme.sh :wink:

2 Likes

What I can say is that I have Python 3.6, which should be enough as it has pip and venv built in.

1 Like

Ooeeh, a package manager :grimacing: :wink:

But I'd recommend using the older script I linked above and overwrite your current certbot-auto with it and keep using it with --no-self-upgrade to prevent this issue again.

You might also choose to edit the script so you won't have to add and remove /etc/arch-release. Just edit the elif [ -f /etc/arch-release ] to always return true.

2 Likes

People use ancient certbot releases a lot around here. I've seen 0.31.0 more often than not.

3 Likes

I always run it with --no-self-upgrade but I have to upgrade from time to time if I want it to keep working. We are not talking about some box that will be gone in 3 years. Another client still seems to be the better choice.

Actually that step was only required for the first install.

1 Like

As the certbot-auto script is deprecated anyway, yes, that might be better indeed. But for the short run, you can run the previous version if you really need to.

1 Like

You could go totally overboard and completely write your own client like I did. Granted that support and maintenance come from the man in the mirror. :grin:

3 Likes

I guess it's the gold standard, if by that you mean the gold standard for how Let's Encrypt should not be used.

5 Likes

If you're paranoid about security though, it really is the ultimate DIY approach. Fully-downloadable, all-inclusive JS with no key sharing (account or certificate). Tin foil hat optional. :wink:

2 Likes

It seems like most active projects are trending toward docker or snap distribution at this point. Hopefully that'll make snap less painful to use over time, but I really don't see sticking with native distribution as a long-term viable alternative, even acme.sh. Sure would be nice to have a better deprecation message telling you what the successor is, of course.

2 Likes

I beg to differ. I'm running Gentoo and don't use binary packages. Snapd doesn't even run on non-systemd systems. I see docker as a system for people who are new to Linux and need an easy method.

1 Like

Personally I am fond of agnostic approaches like PHP and JS with minimal/no extension that leave handling the underlying details to the platform. They let me focus on developing and maintaining my client rather than worrying about porting issues.

2 Likes

You mean stuff like Composer/Packagist? :weary:

1 Like

Fair point. To avoid such dependencies I try to only use the base functionality (i.e. standard libraries almost always included with the base install). I'm not too worried about PHP deprecating openssl or curl.

4 Likes

You mean this install of PHP? Base/basic enough? :smiley:

[ebuild R ] dev-lang/php-7.4.9:7.4::gentoo USE="apache2 -acl -argon2 -bcmath -berkdb -bzip2 -calendar -cdb -cgi -cjk -cli (-coverage) -ctype -curl -debug -embed -enchant -exif -ffi -fileinfo -filter (-firebird) -flatfile -fpm -ftp -gd -gdbm -gmp -iconv -imap -inifile -intl -iodbc -ipv6 -json -kerberos -ldap -ldap-sasl -libedit -libressl -lmdb -mhash -mssql -mysql -mysqli -nls -oci8-instant-client -odbc -opcache -pcntl -pdo -phar -phpdbg -posix -postgres -qdbm -readline (-selinux) -session -session-mm -sharedmem -simplexml -snmp -soap -sockets -sodium -spell -sqlite -ssl -systemd -sysvipc -test -threads -tidy -tokenizer -tokyocabinet -truetype -unicode -webp -xml -xmlreader -xmlrpc -xmlwriter -xpm -xslt -zip -zlib" 0 KiB

To be fair, this aren't actually my USE-settings for my PHP :wink:

3 Likes

What did you end up doing? I also rolled my own distro.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.