Moving Certbot to Debian 9
I'm changing out my old Ubuntu firewall server with a Debian 9 system. Step one was getting everything I need installed on it. The only issue so far, certbot.
Today I'm changing out my old Ubuntu firewall server with a Debian 9 system. The only concern so far, certbot. And it was a minor challenge.
I did an apt-get install python-certbot-nginx
, hit y
to install it and all of the dependencies.
I then tar'd up the /etc/letsencrypt directory on the source server.
cd /etc/letsencrypt
tar -cvpf . -f ~/letsencrypt.tar
Copy the letsencrypt.tar file to the target folder and extract it
cd /etc/letsencrypt
scp <user>@<source server>:<path to letsencrypt.tar> letsencrypt.tar
tar -xpvf letsencrypt.tar
Now, test it with certbot renew --nginx --dry-run --force-renewal
.
-
Note: I ended up getting an error
certbot: error: unrecognized arguments: --max-log-backups 0
I found that the
--max-log-backups
was added in a newer version of certbot than what apt-get installed. It installed version 0.10.2. It was added in something like 0.17.0.I then tried following the guide at certbot's site. It said to use
sudo apt-get install python-certbot-nginx -t stretch-backports
.Ran that, then got another error saying that
E: The value 'python-certbot-nginx' is invalid for APT::Default-Release as such a release is not available in the sources
.The fix was easy. Add
deb http://ftp.us.debian.org/debian stretch-backports main
to a new line at the end of/etc/apt/sources.list
.Then run
apt-get update
. And re-run theapt-get install python-certbot-nginx -t stretch-backports
.I now got the actual latest release of certbot, 0.28.0.
For me, the dry-run test got hung up the challenge part. I sort of expected it since I haven't put this new vm in place yet. So, right now, I'm assuming this is good to go.
And that was all there was to it. Everything worked as expected when I downed the old system and put this one in. I even did a force renew just to be sure by running certbot renew --nginx --force-renewal
.