Support for snap

[noci2012]

Does the project then also support providing a snap for all platforms? (possibly including VM's). Although snap is widely used , it is not universally available.

Python has been installed on many more platforms if not all (AFAICT). Python also work on exotic CPU's probably even non unix variants if python has been ported.

and replaceing one command of native install vs. one command of snap doesn't seem to be more easy or require less documentation. and even then more configuration is needed as well. (Also interfacing to get the certificates out of a container other data into a container..)

[bmw]

Hi @noci2012. I assume you read something from me or my coworkers about our plans to package Certbot as a snap and had some concerns?

I can briefly respond to them, but know that we have no plans to drop support for any platforms with the transition to a snap. It may also be useful for you to wait for more official/thorough documentation which we haven't written yet which would describe how we recommend installing Certbot in various scenarios. It also may be a good idea for the Certbot team to stop talking about the transition to snaps until we've had time to do this to avoid raising concerns.

You're right that snaps aren't supported on all platforms but they are supported on most Linux systems. For those systems, there are a number of benefits for us/our users such as automatic updates, automatic configuration to automatically renew your certificates, and our dependencies are isolated from the rest of your system. Also, there is no extra configuration to get certificates out of a container because Certbot is packaged as classic snap and certificates will still be placed in /etc/letsencrypt just like they've always been.

In some scenarios such as obscure/non-Linux OSes or some virtualization options, snaps won't work and we (will) have other options for those users such as our Windows installer, Docker images, and some combination of OS packages/pip for other platforms (with careful instructions from us to avoid the downsides of a naive pip install command).

In short, while we will be recommending many users switch to our snap, it will just be another packaging option among many for Certbot users. I hope this makes sense and answers your questions.

[noci2012]

Gentoo is one of the linuxes that has no supported snap to name one. Then again it doesn't very well support Letsencrypt as well. :-/ Anyway thanks for the info.

[bmw]

Certbot has had packages in Gentoo for years, but if you're interested in seeing support for Gentoo improved, don't hesitate to open an issue or PR on https://github.com/certbot/certbot or with the Gentoo packagers.

@basak, I think this issue can be closed.

[basak]

Thank you for explaining that Brad!

[noci2012]

@bmw: there are certbot packages in gentoo... i use them. I also proposed ebuilds for rfc2136 & standalone. They are not considered for inclusion there isn't even an attempt by the maintainers to review them or comment on them. I won't hold my breath on including them. With pip out of order in favor of python-exec pip only works for usermode which doesn't scale well (having several parallel installs of the same modules). Adding snap to that environment somehow doesn't seem to work out very well.

[bmw]

Thanks for making these ebuilds! I was going to nudge the Gentoo packagers for you about this, but unfortunately, Gentoo is one of the only major OSes where we don't have a prexisting relationship with the current package maintainers of Certbot. We used to, but it appears maintainer changed.

Problems like this are exactly why we want to at least offer an option outside of official OS packaging to easily get up-to-date versions of Certbot and its plugins though. If our Docker images don't work for you and your OS maintainers aren't responsive, I unfortunately don't have another good option for you right now, but believe me we're aware of the problem and working on it.