Closed smacz42 closed 3 years ago
This happens when called with certbot_install_from_source: False on Debian systems. Right now it looks like the certbot version is 0.27.0-1 in the Ubuntu repos for 18.04.5.
See: https://community.letsencrypt.org/t/certbot-1-10-0-release/139518
This also happens with certbot_install_from_source: True
The new recommended way of installing certbot is explained in this thread: https://community.letsencrypt.org/t/certbot-auto-no-longer-works-on-debian-based-systems/139702/7
From the new recommended way.
How do I install Certbot now?
The way we recommend most users install Certbot is through snaps.
I'm not a big fan of snaps, but I guess that means a new task install via snap?
Similar issue for CentOS 8. IETF also recommends snap as install method apparently.. https://certbot.eff.org/lets-encrypt/centosrhel8-apache 😕
I've come up with this little workaround. It's hacky.
Also remove any use of the --standalone flag in your commands and use --apache.
I don't understand why the certbot_dir and certbot_script variables can't be overridden (on cert creation etc), so that's why I've done the following. (On Ubuntu 18.)
# install snap certbot
- hosts: build
  vars:
  tasks:
    - name: Install from apt
      apt:
        name: "{{ packages }}"
        state: present
      vars:
        packages:
          - certbot
          - snapd
          - apache2

    - name: "Install snap core"
      snap:
        name:
          - core

    - name: "Install snap certbot"
      snap:
        name: certbot
        classic: yes

    # Move the apt-installed binary aside; skipped once certbot.old exists,
    # so a re-run does not overwrite it with the symlink created below.
    - name: "Rename old"
      command: mv /usr/bin/certbot /usr/bin/certbot.old
      args:
        creates: /usr/bin/certbot.old

    - name: "Create link"
      file:
        path: /usr/bin/certbot
        src: /snap/bin/certbot
        state: link
Yeah... this is happening on CentOS 7 too.
TASK [geerlingguy.certbot : Generate new certificate if one doesn't exist.] ********************************************
fatal: [servercheck.in]: FAILED! => {"changed": true, "cmd": ["/opt/certbot/certbot-auto", "certonly", "--standalone", "--noninteractive", "--agree-tos", "--email", "webmaster@midwesternmac.com", "-d", "servercheck.in"], "delta": "0:00:00.234317", "end": "2021-01-19 10:07:34.164997", "msg": "non-zero return code", "rc": 1, "start": "2021-01-19 10:07:33.930680", "stderr": "", "stderr_lines": [], "stdout": "Skipping bootstrap because certbot-auto is deprecated on this system.\nYour system is not supported by certbot-auto anymore.\nCertbot cannot be installed.\nPlease visit https://certbot.eff.org/ to check for other alternatives.", "stdout_lines": ["Skipping bootstrap because certbot-auto is deprecated on this system.", "Your system is not supported by certbot-auto anymore.", "Certbot cannot be installed.", "Please visit https://certbot.eff.org/ to check for other alternatives."]}
How annoying. Snaps are dumb :P
On CentOS 7, I installed snap and then installed certbot. Highly annoying:
# Oh snap.
sudo yum install snapd # Requires EPEL
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap # Enable classic snap support
# Install certbot.
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# Get a cert.
sudo certbot certonly --standalone --noninteractive --agree-tos --email 'email@example.com' -d example.com
# Test a renewal.
sudo certbot renew --dry-run
Working on this in https://github.com/geerlingguy/ansible-role-certbot/pull/142
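A check for the two workarounds above (the /usr/bin/certbot symlink to /snap/bin/certbot, and the leftover /opt/certbot/certbot-auto seen in the failing task), as an added example that is not part of the thread or the role. The function names and the optional ROOT prefix argument are assumptions made so the check can be run against a scratch directory tree.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread or the role.
# ROOT (optional first argument) is a hypothetical filesystem prefix so the
# checks can be run against a scratch tree; leave it empty on a real host.

# Classify /usr/bin/certbot: snap | dangling | other-link:<target> | distro | missing
certbot_origin() {
    local root link target
    root="${1:-}"
    link="$root/usr/bin/certbot"
    if [ -L "$link" ]; then
        target="$(readlink "$link")"
        if [ "$target" != "/snap/bin/certbot" ]; then
            echo "other-link:$target"; return 2
        fi
        # The link only helps if snapd really provides the target, e.g. the
        # /snap -> /var/lib/snapd/snap link exists on CentOS.
        if [ -e "$root$target" ]; then
            echo "snap"; return 0
        fi
        echo "dangling"; return 3
    elif [ -f "$link" ]; then
        # A regular file is the distro package or another non-snap copy.
        echo "distro"; return 4
    fi
    echo "missing"; return 1
}

# A leftover certbot-auto (path from the failing task output in the thread)
# suggests a cron job or role variable may still call the dead script.
stale_certbot_auto() {
    [ -e "${1:-}/opt/certbot/certbot-auto" ]
}

# Print findings; return 0 only when certbot is the snap and nothing is stale.
audit_certbot() {
    local root origin rc
    root="${1:-}"
    rc=0
    origin="$(certbot_origin "$root")" || rc=$?
    echo "certbot: $origin"
    if stale_certbot_auto "$root"; then
        echo "warning: /opt/certbot/certbot-auto is still present"
        if [ "$rc" -eq 0 ]; then rc=5; fi
    fi
    return "$rc"
}

if [ "${1:-}" = "--audit" ]; then audit_certbot "${2:-}"; fi
```

Run it with `--audit` on the host after the workaround; a non-zero exit means renewals may still be using a certbot that is not the snap.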
For whoever got a veto on snap, I changed from certbot to lego. Writing a role to get the bin from github etc was quite easy. Got the same functionality in the end.
There's also acme.sh :)
Per https://github.com/certbot/certbot/issues/7941#issuecomment-619177149 the certbot-auto functionality is being deprecated and does not work on 20.04: