Closed ralphlange closed 5 years ago
Package upgrade was needed to run certbot-auto.
root@w4:~ >> ./certbot-auto
Upgrading certbot-auto 0.25.0 to 0.27.1...
Replacing certbot-auto...
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in
Check that python is ok: root@w4:~ >> python -c 'import datetime; print datetime.datetime
Rename certbot dir: root@w4:~ >> mv /opt/eff.org/certbot /opt/eff.org/certbot.sav
Run certbot-auto again:
root@w4:~ >> ./certbot-auto
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Fetched 323 kB in 0s (600 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
gcc is already the newest version (4:5.3.1-1ubuntu1).
libffi-dev is already the newest version (3.2.1-4).
augeas-lenses is already the newest version (1.4.0-0ubuntu1.1).
augeas-lenses set to manually installed.
ca-certificates is already the newest version (20170717~16.04.1).
libaugeas0 is already the newest version (1.4.0-0ubuntu1.1).
python is already the newest version (2.7.12-1~16.04).
python-dev is already the newest version (2.7.12-1~16.04).
python-virtualenv is already the newest version (15.0.1+ds-3ubuntu1).
virtualenv is already the newest version (15.0.1+ds-3ubuntu1).
virtualenv set to manually installed.
The following package was automatically installed and is no longer required:
libssh2-1
Use 'apt autoremove' to remove it.
The following additional packages will be installed:
libssl1.0.0
Recommended packages:
libssl-doc
The following packages will be upgraded:
libssl-dev libssl1.0.0 openssl
3 upgraded, 0 newly installed, 0 to remove and 91 not upgraded.
Need to get 2,917 kB of archives.
After this operation, 1,024 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libssl-dev amd64 1.0.2g-1ubuntu4.13 [1,342 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libssl1.0.0 amd64 1.0.2g-1ubuntu4.13 [1,083 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 openssl amd64 1.0.2g-1ubuntu4.13 [492 kB]
Fetched 2,917 kB in 0s (11.3 MB/s)
Preconfiguring packages ...
(Reading database ... 75856 files and directories currently installed.)
Preparing to unpack .../libssl-dev_1.0.2g-1ubuntu4.13_amd64.deb ...
Unpacking libssl-dev:amd64 (1.0.2g-1ubuntu4.13) over (1.0.2g-1ubuntu4.12) ...
Preparing to unpack .../libssl1.0.0_1.0.2g-1ubuntu4.13_amd64.deb ...
Unpacking libssl1.0.0:amd64 (1.0.2g-1ubuntu4.13) over (1.0.2g-1ubuntu4.12) ...
Preparing to unpack .../openssl_1.0.2g-1ubuntu4.13_amd64.deb ...
Unpacking openssl (1.0.2g-1ubuntu4.13) over (1.0.2g-1ubuntu4.12) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libssl1.0.0:amd64 (1.0.2g-1ubuntu4.13) ...
Setting up libssl-dev:amd64 (1.0.2g-1ubuntu4.13) ...
Setting up openssl (1.0.2g-1ubuntu4.13) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
1: epics-controls.org
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: tls-sni-01 challenge for epics-controls.org Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/epics-controls.org-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Your existing certificate has been successfully renewed, and the new certificate has been installed.
The new certificate covers the following domains: https://epics-controls.org
You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=epics-controls.org
IMPORTANT NOTES:
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
1:30.54 [20.3%] used.
Thank you for the quick fix!
The "Let's Encrypt" certificate has expired this morning. Users are seeing warning boxes and have to accept to proceed to an insecure site.