Your system is not supported by certbot-auto anymore

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ivet360.com

I ran this command: sudo -H ./letsencrypt-auto certonly --apache

It produced this output: Upgrading certbot-auto 1.9.0 to 1.10.0...
Replacing certbot-auto...
Your system is not supported by certbot-auto anymore.
Certbot will no longer receive updates.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.5 LTS

My hosting provider, if applicable, is: Rackspace

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

I was renewing an SSL certificate today, and received this message:

Upgrading certbot-auto 1.9.0 to 1.10.0...
Replacing certbot-auto...
Your system is not supported by certbot-auto anymore.
Certbot will no longer receive updates.

I see that certbot-auto is depreciated, so how am I supposed to keep certbot updated on my Ubuntu server at this point?

Please see the official certbot instructions on https://certbot.eff.org/instructions

Will I need to remove Certbot OS packages and re-install Certbot using snap? Will I be able to run this command to update my certs in the meantime until I am able to do this: ./certbot-auto renew --apache

if I leave certbot as it is currently, it wont receive updates, but will that be a problem with my SSL certificates in the future?

1. Yes
2. I thought you were using certbot-auto? That wrapper script doesn't use the OS packages.

I'm not sure I understand to which command you're refering to?

Could be, you never know what the future brings. LE for example changed to a version 2 of their API and very old clients weren't configured to use it.

That is your best option.

Maybe yes, maybe no. certbot-auto is a self-updating version of certbot, which has essentially been discontinued. LetsEncrypt, the public Service that Certbot communicates with, has had many API changes and will continue to have more changes. At some point in the future, or possibly in the past, your version of Certbot will not be compatible with the LetsEncrypt service.

It takes less than 5 minutes to remove certbot-auto and install snapd + the certbot snap. The new system will still use the existing configuration files and certificates in /etc/letsencrypt

So I'm new to this server, so I'm trying to figure out the best way to solve this. I'm just going by the instructions you sent over to fix the error that I am seeing.

I run this command to create an SSL certificate for my site:
sudo -H ./letsencrypt-auto certonly --apache -d mydomain.com -d www.mydomain.com

Now I'm getting this message every time I run this command:

Your system is not supported by certbot-auto anymore.
Certbot will no longer receive updates.
Please visit https://certbot.eff.org/ to check for other alternatives.

We have about 200 certificates on this server, so I have to use certbot-auto to update them using this command:

./certbot-auto renew --apache

This command will go through and update all of the certificates on the server.

Now that I am getting the above "Certbot will no longer receive updates." message, I'm trying to figure out what to do in order to keep this updated.

In the instructions you sent, there are these instructions for my server:

1. SSH into the server - Done
2. Install snapd - This is already installed on my server
3. Ensure that your version of snapd is up to date - Done
4. Remove any Certbot OS packages
   If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.

Do I need to do step 4 above, and then do step 5 below?

5. Install Certbot
   Run this command on the command line on the machine to install Certbot.

Yes, do that.

Then edit your cronjobs or whatever renewal scripts to read:

- ./certbot-auto renew --apache
+ ./certbot renew --apache

and

- sudo -H ./letsencrypt-auto certonly --apache -d mydomain.com -d www.mydomain.com
+ sudo -H ./certbot certonly --apache -d mydomain.com -d www.mydomain.com

So I use this command to update all 200 of the SSL certificates on my server:

./certbot-auto renew --apache

Is there a better command that I should be using to accomplish this?

Also, will these two commands still work after I install snapd + the certbot snap?

sudo -H ./letsencrypt-auto certonly --apache -d mydomain.com -d www.mydomain.com

./certbot-auto renew --apache

Gotcha, so I will use these after the update:

Renew all certificates:
./certbot renew --apache

Create a certificate:
sudo -H ./certbot certonly --apache -d mydomain.com -d www.mydomain.com

Instead of:
./certbot-auto renew --apache

sudo -H ./letsencrypt-auto certonly --apache -d mydomain.com -d www.mydomain.com

And they will work the same for updating my letsencrypt certificates?

Yes. You will just be invoking the new Certbot that snapd manages (which will be in /usr/bin/certbot) instead of the certbot-auto and letsencrypt-auto commands, which are both legacy. the command-line options are the same, and everything should be using /etc/letsencrypt as the data storage.

This is a complicated statement and needs to be cleared up before any following questions can be properly answered.
As you seem to have multiple versions of certbot installed.

Hey, so I ran all of the updates in the instructions that were sent over, and now when I run the following command:

sudo -H ./certbot certonly --apache -d mydomain.com

I get an error:

sudo: ./certbot: command not found

I ran this step in the instructions:

6.Prepare the Certbot command
Execute the following instruction on the command line on the machine to ensure that the certbot
command can be run.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Do you know of any reason why the certbot command wouldn't work?

Before I ran the updates in the instructions, I've always went to cd /opt/letsencrypt to run the commands:

./certbot-auto renew --apache

sudo -H ./letsencrypt-auto certonly --apache -d mydomain.com -d www.mydomain.com

But now when I run this command in /opt/letsencrypt:

sudo -H ./certbot certonly --apache -d mydomain.com

I get the error "sudo: ./certbot: command not found".

Here is the directory list in /opt/letsencrypt/ on my server:

image1478×185 14.2 KB

Because ./ only runs programs from the current directory and certbot is now available from /usr/bin. So you don't need the ./ any longer, just run certbot ...

Also, /opt/letsencrypt isn't used any longer.

Gotcha, so i will run the command like this now?

sudo -H certbot certonly --apache -d mydomain.com

Should work, yes. Don't forget a www subdomain is necessary.

sudo -H certbot certonly --apache -d mydomain.com
OR
sudo -H /snap/bin/certbot certonly --apache -d mydomain.com
OR EVEN:
cd /snap/bin
sudo -H ./certbot certonly --apache -d mydomain.com

But NOT:
sudo -H ./certbot certonly --apache -d mydomain.com
after this:

That effectively issues this command:
sudo -H /opt/letsencrypt/certbot certonly --apache -d mydomain.com

And that is NOT where certbot is anymore.
which certbot
find / -name certbot

In order to update all of my SSL certificates on the server, would I run this command?

certbot-auto renew --apache

You shouldn't use the -auto suffix when you're using the regular (snap) installation method of certbot. Also, for renewing using --apache again isn't required.

It should be fine to just run certbot renew.

Hey, so I added --apache to these commands because when I ran them it seemed to cut off any other apache connections. So my websites were unavailable until the command finished doing its thing. If I remove --apache from the new command, this wont happen?