38

I am running certbot --apache but I get the following error:

Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any 
combination of challenges that will satisfy the CA.

Version installed is 0.10.2 on Debian 8.10

I would like to upgrade to 0.21.0 which should fix the issue https://community.letsencrypt.org/t/certbot-0-21-0-release/50725

but I tried apt-get update/upgrade and I get the following:

certbot is already the newest version.
certbot set to manually installed.

Any suggestions on how to update?

vsync
  • 118,978
  • 58
  • 307
  • 400
xylar
  • 7,433
  • 17
  • 55
  • 100

6 Answers6

43

Not sure how I missed this. From the install docs https://certbot.eff.org/docs/install.html#certbot-auto

user@webserver:~$ wget https://dl.eff.org/certbot-auto
user@webserver:~$ chmod a+x ./certbot-auto
user@webserver:~$ ./certbot-auto --help
xylar
  • 7,433
  • 17
  • 55
  • 100
8

You can check for your software version but this works:

sudo apt-get update -y
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update -y
sudo apt-get install certbot python-certbot-apache
certbot --version

https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache

Tuna
  • 2,937
  • 4
  • 37
  • 61
Tarik
  • 4,270
  • 38
  • 35
7
sudo apt update
sudo apt install --only-upgrade certbot

Tried it on ubuntu with nginx, worked for me without issues.

Prashant
  • 5,331
  • 10
  • 44
  • 59
  • 4
    Please edit your answer to provide an explanation. As you surely know, this is _always_ useful on Stack Overflow, but it's _especially_ useful here, where there are four existing answers, including an accepted answer with 40+ upvotes. What sets your answer apart? Under what circumstances would your answer be preferred over the existing approaches? Remember, each new answer adds another post people with this problem need to evaluate: Make it easier for them to understand the differences, and why they should consider your code over others. – Jeremy Caney May 24 '21 at 22:05
  • 3
    I should also note: This ended up in the _Low Quality Posts_ queue for review, and at least one other person has voted to delete it. I voted to maintain it since it makes a good faith effort to answer the question. But adding an explanation will also help ensure that reviewers who are more rigid than myself don't vote to delete it. – Jeremy Caney May 24 '21 at 22:07
2

A bit of background from Let's Encrypt

Unfortunately, Let's Encrypt has stopped offering the mechanism that Certbot's Apache and Nginx plugins use to prove you control a domain due to a security issue

To get around this on an existing L.E installation before the updates, follow this solution if you're on Debian/Ubuntu:

certbot --authenticator standalone --installer apache -d <yourdomain(s)> --pre-hook "apache2ctl stop" --post-hook "apache2ctl start
Sam
  • 2,540
  • 2
  • 23
  • 24
2

On debian Stretch, just use:

apt-get install python-certbot-apache -t stretch-backports
GAD3R
  • 4,317
  • 1
  • 23
  • 34
Henrik
  • 21
  • 1
2

For Debian 11

Description of the problem

In Debian 11 your CertBot version is: https://packages.debian.org/bullseye/certbot

(on 28th August 2022 = 1.12.0)

Last release: https://github.com/certbot/certbot/releases

(on 28th August 2022 = 1.29.0)

In Debian 11 CertBot is outdated. First step: if installed, remove it:

sudo apt remove certbot -y

Installation of CertBot

  1. Install Snapd manager: sudo apt install snapd -y
  2. Install Snap core & refresh: sudo snap install core; sudo snap refresh core
  3. Install CertBot: sudo snap install --classic certbot
  4. Setup link in your Debian: sudo ln -s /snap/bin/certbot /usr/bin/certbot

Check version CertBot installed

1.- View version: sudo certbot --version Output: certbot 1.29.0

fquinto
  • 527
  • 7
  • 12