WPCloudDeploy / wp-cloud-deploy

WPCloudDeploy is a WordPress plugin that allows you to easily deploy and manage your own dedicated high-performance WordPress servers and sites at any cloud server provider.
https://wpclouddeploy.com

Switch from snap to python-certbot on Jammy #76

Open batonac opened 2 years ago

batonac commented 2 years ago

Ubuntu 14.04 Jammy ships with Certbot V1+, unlike previous versions of Ubuntu. Could we switch over for this version of Ubuntu? The DPKGs take up a lot less space and require less complexity for containerized setups.

The main and feature packages are:

- certbot - automatically configure HTTPS using Let's Encrypt
- python3-certbot - main library for certbot
- python3-certbot-dns-cloudflare - Cloudflare DNS plugin for Certbot
- python3-certbot-dns-digitalocean - DigitalOcean DNS plugin for Certbot
- python3-certbot-dns-dnsimple - DNSimple DNS plugin for Certbot
- python3-certbot-dns-gandi - Gandi LiveDNS plugin for Certbot
- python3-certbot-dns-gehirn - Gehirn DNS plugin for Certbot
- python3-certbot-dns-google - Google DNS plugin for Certbot
- python3-certbot-dns-linode - Linode DNS plugin for Certbot
- python3-certbot-dns-ovh - OVH DNS plugin for Certbot
- python3-certbot-dns-rfc2136 - RFC 2136 DNS plugin for Certbot
- python3-certbot-dns-route53 - Route53 DNS plugin for Certbot
- python3-certbot-dns-sakuracloud - SakuraCloud DNS plugin for Certbot
- python3-certbot-dns-standalone - Standalone DNS Authenticator plugin for Certbot
- python3-certbot-nginx - Nginx plugin for Certbot

elindydotcom commented 2 years ago

There's something about those scripts related to multisite and wildcard ssl that prevents them from being used. They were originally used in earlier versions since, like you said, they are simpler. But then it was switched to the snaps when wildcard ssl was added for multisite. I don't remember the exact reason why wildcard ssl support was an issue though - just that using snaps resolved the issue.

batonac commented 2 years ago

I would expect this to be due to the version, not the package type. Let's Encrypt wildcard support was issued sometime after the service was first introduced.

Snap packages allow you to track with the latest upstream release, which is great, but I'd expect that things have settled down quite a bit with the protocol by now. Any v1+ release of certbot should be feature-complete for the foreseeable future, which is why I'm suggesting it would be safe to revert back to the standard Debian packages in 14.04 specifically.

elindydotcom commented 2 years ago

To switch away from snaps would likely have to be done in a major update (eg: wpcd 6.0) since there would be backward compatibility issues to deal with and handle in the code for existing servers. Maybe even have to support both sets of packages for a while. Not sure it's something that can be easily handled near term.

batonac commented 1 year ago

I'm not quite understanding, as I think it would be the same command/binary name/syntax either way, but I must be missing something.

Full disclosure, I'm already using these packages in production, in my WPCD Proxmox containers, and have been for some time. I simply install the packages and then block the installation of the snaps by placing an empty file in /root/.wpcd-server-provision-checkpoints/checkpoint100-end.txt in the default container template that's used for provisioning.
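
An added example, not part of the thread and not WPCD code: a POSIX shell audit that reports which certbot packaging a server or container-template root contains, so a snap-to-package switch does not silently leave both installed. The function names and the `/snap/bin` and `/usr/bin` locations are assumptions; the checkpoint path is the one quoted in the comment above.

```shell
#!/bin/sh
# Added example (not WPCD code). Audits the filesystem rooted at $1
# (default /) for the certbot packaging it contains.

# Print one of: snap | deb | both | none
certbot_source() {
    root="${1:-/}"; root="${root%/}"
    snap_bin="$root/snap/bin/certbot"   # assumed: snapd's command symlink
    deb_bin="$root/usr/bin/certbot"     # assumed: path used by the Ubuntu package
    has_snap=0; has_deb=0

    # -L also catches a link that dangles when a template is mounted elsewhere.
    if [ -e "$snap_bin" ] || [ -L "$snap_bin" ]; then has_snap=1; fi

    if [ -L "$deb_bin" ]; then
        # Certbot's snap instructions symlink /usr/bin/certbot to the snap,
        # so a link into /snap/ counts as the snap, not the package.
        case "$(readlink "$deb_bin")" in
            */snap/*) has_snap=1 ;;
            *)        has_deb=1 ;;
        esac
    elif [ -f "$deb_bin" ]; then
        has_deb=1
    fi

    case "$has_snap$has_deb" in
        11) echo both ;;   # both packagings installed side by side
        10) echo snap ;;
        01) echo deb ;;
        *)  echo none ;;
    esac
}

# Succeeds if the checkpoint file named in the comment above exists under $1.
checkpoint_present() {
    root="${1:-/}"; root="${root%/}"
    [ -f "$root/root/.wpcd-server-provision-checkpoints/checkpoint100-end.txt" ]
}
```

Run `certbot_source /path/to/template` against a mounted template, or with no argument on a live server; a result of `both` means one of the two installs should be removed before relying on renewals.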