Your system is not supported by certbot-auto anymore

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo /etc/letsencrypt/certbot-auto -q certonly --webroot -w /jet/app/www/default -d -d --config-dir /jet/etc/letsencrypt

It produced this output:
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit to check for other alternatives.

My web server is (include version):

The operating system my web server runs on is (include version):
Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64

My hosting provider, if applicable, is:
Google cloud compute engine

I can login to a root shell on my machine (yes or no, or I don't know):no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
ssh secure shell - filezilla with ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Have you done this?


Yes I did. I realized that I should install snapd for debian 9. It's correct ?


That's the installation method recommended by the Certbot team indeed.


I uninstalled the certbot-auto and old certbot and installed the snapd certbot.

I run this command :

sudo certbot certonly --webroot -w /jet/app/www/default -d -d --config-dir /jet/etc/letsencrypt

all ok I have the new certificate !!!

Successfully received certificate.
Certificate is saved at: /jet/etc/letsencrypt/live/
Key is saved at: /jet/etc/letsencrypt/live/
This certificate expires on 2022-04-22.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Now, please, a question:
The certificates are renewed in the background upon expiration without my having to do anything or in any case have to fill in a cron tab for renewal ?

If I try renew the certificate with a cron tab, someting like :

47 14 * * * sudo certbot renew certonly --webroot -w /jet/app/www/default -d -d --config-dir /jet/etc/letsencrypt

I get an error message: certbot: error: unrecognized arguments: certonly


It should be enough to just run certbot renew --config-dir /jet/etc/letsencrypt without the other parameters. In fact, Certbot installed using the certbot-auto wrapper script and the Certbot installed through snap share the same configuration directory structure, so if you didn't also delete the stuff in /jet/etc/letsencrypt/ (assuming that's the same config dir as before), you probably could have run sudo certbot renew after you installed Certbot through snap. But that's not relevant any longer as you already have renewed your certificate.

One thing I did notice: your certificate now has a suffix -0001 which suggests you have two certificates which could be identical. Could you please run the following command and share the output?

sudo certbot certificates --config-dir /jet/etc/letsencrypt

Found the following certs:
Certificate Name:
Serial Number: 37795212287d679b6ec35a571caa1cfbe2b
Key Type: RSA
Expiry Date: 2022-04-22 13:11:44+00:00 (VALID: 89 days)
Certificate Path: /jet/etc/letsencrypt/live/
Private Key Path: /jet/etc/letsencrypt/live/

yes it's true I had two certificates, the old one I deleted after the procedure. Now I have only one

with certbot I have now tried the command to insert on the cronjob:
stop nginx && sudo certbot renew --config-dir /jet/etc/letsencrypt && start nginx

I am forced to stop nginx because port 80 is used by nginx


OK, that's fine :slight_smile:

That's weird, as your command stated you're using the --webroot plugin. That actually would require a working nginx? Could you show the contents of /jet/etc/letsencrypt/renewal/ ?


It is true previously I used the webroot plugin but I can't understand what the command for renewal with webroot is ...

What I want to understand with webroot when I run the command : sudo certbot certonly --webroot -w /jet/app/www/default -d -d --config-dir /jet/etc/letsencrypt

this procedure is used to overwrite or expand the certificates and not to renew them and I can only use it manually.

Is there a command for automatic renewal with the webroot plugin to be inserted on the cron job?

previously with certbot-auto, by entering the command below on cronjob I was able to update the certificates automatically with webroot plugin:
47 14 * * * sudo /etc/letsencrypt/certbot-auto -q certonly --webroot -w /jet/app/www/default -d -d --config-dir /jet/etc/letsencrypt

As for your question, instead, I ask you the content of the file you requested

# renew_before_expiry = 30 days
version = 1.22.0
archive_dir = /jet/etc/letsencrypt/archive/
cert = /jet/etc/letsencrypt/live/
privkey = /jet/etc/letsencrypt/live/
chain = /jet/etc/letsencrypt/live/
fullchain = /jet/etc/letsencrypt/live/

# Options used in the renewal process
account = 293ab014935c08da458ae0810b39dd74
config_dir = /jet/etc/letsencrypt
authenticator = webroot
server =
webroot_path = /jet/app/www/default,
[[webroot_map]] = /jet/app/www/default

It doesn't matter how you issued a certificate the first time, the renewal command is always sudo certbot renew with in your case (for some reason I don't understand) the extra command for the --config-dir.

Here it says the webroot authenticator is used for issuance and renewal, so nginx should be kept running.


To renew the cert, all you need to do is ensure cron (or any other timer) runs this twice a day:
certbot renew

As for getting nginx to use the latest cert ...
You could reload it daily/weekly or after each renewal with a --deploy-hook


Hi and thanks for your help.

The extra command for the --config-dir .
it is because the instance on compute engine is created with user access and not with access with root privileges, which is why I have to move the certificates to a directory with user-level permissions and after each update of the certificates, as certbot changes the permissions on directories, I have to then on cronjob enter the command to change the permissions again.
I understand it's not a very clean solution, but like a Woody Allen movie, Whatever Works :smile:
sudo chown someuser:somegroup /jet/etc/letsencrypt/archive/*

So my new definitive cronjob to renew certificates will be:

47 14 * * * sudo certbot renew --config-dir /jet/etc/letsencrypt && sudo chown someuser:somegroup /jet/etc/letsencrypt/archive/*
36 03 * * * sudo certbot renew --config-dir /jet/etc/letsencrypt && sudo chown someuser:somegroup /jet/etc/letsencrypt/archive/*


Hi and thanks for your help.


It seems the --config-dir option is also stored in the renewal configuration file as Rudy demonstrated above. (I missed that..) So you shouldn't need to add that option again to the sudo certbot renew command.

Also, you could add the -q (for quiet) option to the renew command, so you don't get annoying emails from Cron every time Certbot runs and does nothing.


OK thank you


This way is correct, right ? (the option '-q' after 'renew')
and obviously it will not use nginx and there will be no need to stop nginx, correct?

Looks good to me. Although I don't understand why you have two cronjobs set up instead of just one.

If the certificate is configured to use the webroot plugin, it doesn't "use" nginx in the sense that it modifies nginx configuration and reloads it et cetera, but it of course uses nginx to serve the validation token from the specified webroot. But to do that, nginx needs to be running and shouldn't be stopped.

Also note that using the webroot authenticator plugin without the nginx installer plugin, you'd need to reload nginx after a succesful renewal. You can do that using a command in the cronjob, but you could also use the --deploy-hook option. That option could also be used for the chown command. See the Certbot User Guide for more info.


I have read, in the past, somewhere, that it was necessary to request the update of the certificates twice a day.

Running Certbot twice a day is indeed the recommendation of the Certbot team. But running a cronjob twice a day doesn't require 2 separate cronjobs.


ok, thank you