Today I'm changing out my old Ubuntu firewall server with a Debian 9 system. The only concern so far, certbot. And it was a minor challenge.
I did an apt-get install python-certbot-nginx, hit y to install it and all of the dependencies.
I then tar'd up the /etc/letsencrypt directory on the source server.
cd /etc/letsencrypt
tar -cvpf ~/letsencrypt.tar .
Copy the letsencrypt.tar file to the target folder and extract it:
cd /etc/letsencrypt
scp <user>@<source server>:<path to letsencrypt.tar> letsencrypt.tar
tar -xpvf letsencrypt.tar
Now, test it with certbot renew --nginx --dry-run --force-renewal.
Note: I ended up getting an error
certbot: error: unrecognized arguments: --max-log-backups 0
I found that the --max-log-backups was added in a newer version of certbot than what apt-get installed. It installed version 0.10.2. It was added in something like 0.17.0.
I then tried following the guide at certbot's site. It said to use sudo apt-get install python-certbot-nginx -t stretch-backports.
Ran that, then got another error saying that
E: The value 'python-certbot-nginx' is invalid for APT::Default-Release as such a release is not available in the sources.
The fix was easy. Add
deb http://ftp.us.debian.org/debian stretch-backports main
to a new line at the end of
apt-get update. And re-run the
apt-get install python-certbot-nginx -t stretch-backports.
I now got the actual latest release of certbot, 0.28.0.
For me, the dry-run test got hung up on the challenge part. I sort of expected it since I haven't put this new vm in place yet. So, right now, I'm assuming this is good to go.
And that was all there was to it. Everything worked as expected when I downed the old system and put this one in. I even did a force renew just to be sure by running certbot renew --nginx --force-renewal.
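The tarball carries the account and certificate private keys, so it is worth checking the extracted tree before the first renewal. The script below is an added example, not part of the original post: it assumes certbot's standard layout (live/<name>/*.pem are symlinks into archive/<name>/, with live/ and archive/ restricted to root), GNU find, and paths without whitespace; the function name and the demo tree are made up for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a copied letsencrypt tree before renewing.
# Assumes certbot's standard layout: live/<name>/*.pem are symlinks into
# archive/<name>/, and live/ and archive/ are accessible to root only.
check_letsencrypt_tree() {
    dir=${1:-/etc/letsencrypt}
    problems=0
    for sub in live archive; do
        if [ ! -d "$dir/$sub" ]; then
            echo "missing directory: $dir/$sub"
            problems=$((problems + 1))
        # GNU find: -perm /077 matches when any group/other bit is set.
        elif [ -n "$(find "$dir/$sub" -maxdepth 0 -perm /077)" ]; then
            echo "group/other can access: $dir/$sub"
            problems=$((problems + 1))
        fi
    done
    if [ -d "$dir/live" ]; then
        # Regular files here mean a copy tool dereferenced the symlinks.
        # (Unquoted expansion assumes paths without whitespace.)
        for f in $(find "$dir/live" -name '*.pem' ! -type l); do
            echo "not a symlink: $f"
            problems=$((problems + 1))
        done
        # Symlinks whose archive/ target did not make it across.
        for f in $(find "$dir/live" -type l ! -exec test -e {} \; -print); do
            echo "dangling symlink: $f"
            problems=$((problems + 1))
        done
    fi
    [ "$problems" -eq 0 ]
}

# Constructed demo tree (no real key material): one good link, one dangling.
demo=$(mktemp -d)
mkdir -p "$demo/live/example.test" "$demo/archive/example.test"
chmod 700 "$demo/live" "$demo/archive"
: > "$demo/archive/example.test/privkey1.pem"
ln -s ../../archive/example.test/privkey1.pem "$demo/live/example.test/privkey.pem"
ln -s ../../archive/example.test/cert1.pem "$demo/live/example.test/cert.pem"
check_letsencrypt_tree "$demo" || echo "problems found: $problems"
rm -rf "$demo"
```

On the new server, run check_letsencrypt_tree /etc/letsencrypt as root after extracting the tar file and remove the copied letsencrypt.tar once the check passes.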