Many people using the Let’s Encrypt GIT package to generate SSL certificates on Ubuntu may not be aware yet that the GIT package letsencrypt has been renamed to certbot and from here on out the certbot package is the one to be using. So here’s how to quickly and easily update letsencrypt to certbot on Ubuntu.
It really is as simple as this.
Download the certbot-auto script
sudo mkdir /opt/certbot cd /opt/certbot sudo wget https://dl.eff.org/certbot-auto sudo chmod a+x certbot-auto
Your old letsencrypt package will still be located in /opt/letsencrypt assuming that is where you cloned it to in the first place so you can remove it.
Thereafter there really is nothing to change except now calling certbot-auto from a different folder which will be /opt/certbot/certbot-auto
cd /opt/certbot sudo ./certbot-auto (with the rest of your commands and flags)
So your command line to generate a certificate will now look something like this (example only). Read this tutorial about generating SSL certificates manually for using on Apache, Postfix, Dovecot etc.
sudo ./certbot-auto certonly --agree-tos --rsa-key-size 4096 --renew-by-default -m firstname.lastname@example.org --webroot /var/www/html/ -d mail.mydomain.com --renew-by-default
You will also need to update your Cron job that handles automatically renewing your certificates and make sure it is using the new folder location.
I also suggest adding the –dry-run flag to the end of your command line while you are learning and testing. This will show you any success or error messages without actually generating a certificate. Once you get a successful message just run it again without –dry-run.
Then it’s also a good idea to setup a Cron job to regularly check for updates to certbot too by running a very simple command line script that does the following.
cd /opt/certbot sudo git pull
If you were expecting a slightly more complicated solution, sorry but it really is this easy.
To auto update Certbot from a CRON job just do the following in Cron every Monday at 2:30AM
30 2 * * 1 sudo cd /opt/certbot && sudo git pull
Your existing live keys are still stored in the same location so don’t worry about having to re-generate any keys, they are all still safely stored in /etc/letsencrypt/live/
More articles and tutorials regarding the Let’s Ecnrypt free SSL certificates and how to generate and use them without abusing the system will be following soon. If you have any comments, questions or suggestions, leave them below in the comments section.
I also suggest you join the Let’s Encrypt User Community Forums at this link. There are some very knowledgeable and helpful people there and they are normally very quick to respond and help people, they are also a super friendly bunch.
Happy Nixing in the Nixing Bowl !!!