[CentOS] letsencrypt error

Fri Feb 5 15:00:25 UTC 2021
Jerry Geis <jerry.geis at gmail.com>

On Fri, Feb 5, 2021 at 9:44 AM Lamar Owen <lowen at pari.edu> wrote:

> On 2/5/21 7:49 AM, Jerry Geis wrote:
> > *>>certbot-auto is no longer available.
> See https://certbot.eff.org/docs/install.html#id9 "We used to have a
> shell script named certbot-auto to help people install Certbot on UNIX
> operating systems, however, this script is no longer supported. If you
> want to uninstall certbot-auto, you can follow our instructions here."
> > ... Skipping bootstrap because certbot-auto is deprecated on this
> > system. Your system is not supported by certbot-auto anymore. Certbot
> > cannot be installed. Please visit https://certbot.eff.org/ to check
> > for other alternatives. My Centos 7 is basically out of the box.
> > Previously with certbot-auto - it worked every time. Any one else run
> > into this and know what the issue is ?
> The issue is fully documented and is simply that the certbot-auto script
> is being discontinued by the certbot team at EFF.  Questions about why
> it's being discontinued would need to be taken up with the EFF team on
> their github issue tracker at https://github.com/certbot/certbot/issues
> The EFF-recommended way to use certbot has changed.  The _new_ way is
> with a snap (as in 'install snapd and download the snap for certbot').
> If you already have it might work, but that's going away; you need to
> use the solution recommended at certbot.eff.org which first instructs
> the user to uninstall any OS package containing certbot.  At
> https://certbot.eff.org/docs/install.html there is a warning block:
> "While the Certbot team tries to keep the Certbot packages offered by
> various operating systems working in the most basic sense, due to
> distribution policies and/or the limited resources of distribution
> maintainers, Certbot OS packages often have problems that other
> distribution mechanisms do not. The packages are often old resulting in
> a lack of bug fixes and features and a worse TLS configuration than is
> generated by newer versions of Certbot. They also may not configure
> certificate renewal for you or have all of Certbot’s plugins available.
> For reasons like these, we recommend most users follow the instructions
> at https://certbot.eff.org/instructions and OS packages are only
> documented here as an alternative."
> Further, this isn't a CentOS problem; CentOS 7 doesn't ship
> certbot-auto.  EPEL7 ships a certbot package, but it doesn't ship
> certbot-auto.  The certbot in the EPEL7 package is currently working on
> one of my systems, but it is at this point in time one release out of
> date. (the package currently in EPEL7 is 1.11.0; current is 1.12.0;
> 1.12.0 drops support for python2, so the move from 1.11.0 to 1.12.0
> could be fun).
> So, the EFF's recommended instructions for CentOS 7 running nginx are at
> https://certbot.eff.org/lets-encrypt/centosrhel7-nginx  (I chose the
> nginx page because I am running some servers with CentOS 7 and nginx;
> there are instructions for CentOS/RHEL 8 as well as for apache).
Hi Lamar - I did find that page... I did follow the instructions.

certbot is removed.
rpm -qa | grep cert

whereis certbot
certbot: /usr/bin/certbot /var/lib/snapd/snap/bin/certbot
ls -l /usr/bin/certbot
lrwxrwxrwx 1 root root 17 Feb  4 13:38 /usr/bin/certbot -> /snap/bin/certbot

The snap link was made. the snap daemon is running:
 ps ax | grep snapd
18721 pts/0    S+     0:00 /bin/grep -d skip snapd
24817 ?        Ssl    0:12 /usr/libexec/snapd/snapd

I thought someone would have ran into the same issue as I was migrating to
this new way of doing things getting letsencypt working on apache.