[CentOS] letsencrypt error

Fri Feb 5 14:44:27 UTC 2021
Lamar Owen <lowen at pari.edu>

On 2/5/21 7:49 AM, Jerry Geis wrote:
> *>>certbot-auto is no longer available.

See https://certbot.eff.org/docs/install.html#id9 "We used to have a 
shell script named certbot-auto to help people install Certbot on UNIX 
operating systems, however, this script is no longer supported. If you 
want to uninstall certbot-auto, you can follow our instructions here."

> ... Skipping bootstrap because certbot-auto is deprecated on this 
> system. Your system is not supported by certbot-auto anymore. Certbot 
> cannot be installed. Please visit https://certbot.eff.org/ to check 
> for other alternatives. My Centos 7 is basically out of the box. 
> Previously with certbot-auto - it worked every time. Any one else run 
> into this and know what the issue is ?
The issue is fully documented and is simply that the certbot-auto script 
is being discontinued by the certbot team at EFF.  Questions about why 
it's being discontinued would need to be taken up with the EFF team on 
their github issue tracker at https://github.com/certbot/certbot/issues

The EFF-recommended way to use certbot has changed.  The _new_ way is 
with a snap (as in 'install snapd and download the snap for certbot').  
If you already have it might work, but that's going away; you need to 
use the solution recommended at certbot.eff.org which first instructs 
the user to uninstall any OS package containing certbot.  At 
https://certbot.eff.org/docs/install.html there is a warning block:
"While the Certbot team tries to keep the Certbot packages offered by 
various operating systems working in the most basic sense, due to 
distribution policies and/or the limited resources of distribution 
maintainers, Certbot OS packages often have problems that other 
distribution mechanisms do not. The packages are often old resulting in 
a lack of bug fixes and features and a worse TLS configuration than is 
generated by newer versions of Certbot. They also may not configure 
certificate renewal for you or have all of Certbot’s plugins available. 
For reasons like these, we recommend most users follow the instructions 
at https://certbot.eff.org/instructions and OS packages are only 
documented here as an alternative."

Further, this isn't a CentOS problem; CentOS 7 doesn't ship 
certbot-auto.  EPEL7 ships a certbot package, but it doesn't ship 
certbot-auto.  The certbot in the EPEL7 package is currently working on 
one of my systems, but it is at this point in time one release out of 
date. (the package currently in EPEL7 is 1.11.0; current is 1.12.0; 
1.12.0 drops support for python2, so the move from 1.11.0 to 1.12.0 
could be fun).

So, the EFF's recommended instructions for CentOS 7 running nginx are at 
https://certbot.eff.org/lets-encrypt/centosrhel7-nginx  (I chose the 
nginx page because I am running some servers with CentOS 7 and nginx; 
there are instructions for CentOS/RHEL 8 as well as for apache).