HTTPS: Problem & Solution

Hi all,

I tried to install LetsEncrypt and I got an error saying certbot is deprecated or something.

So, I went to https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx and followed the instructions there and it got installed nice and easy. The only complexity was that I didn’t know how to install onto site1.local so ended up creating a site name the same as the FQDN (Fully Qualified Domain Name) and it got sorted out.

I’m sure there are guys that are better at this stuff than I, so what’s changed? And is there a problem with the way I installed Lets-Encrypt?

Plus how would you install on site1.local? Would running sudo bench setup add-domain erp.example.com and entering site1.local when asked, help? Or are other commands necessary?

Thanks

Jay

Hi,
You have installed V12 local instance, right?
Usually what I do is bench setup lets-encrypt sitename and the system will do the rest.

If you post the full error message, we’ll be better able to help troubleshoot. Also, what output do you get on the command certbot --version ?

Generally speaking, my understanding is that you wouldn’t use certbot to generate a certificate for a local host. If you need a certificate, you can generate your own self-signed one using openssl. That can be useful if you’re wanting to test a site for cross-domain scripts, but generally speaking you can just run local sites unencrypted.
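As an added illustration of the self-signed route mentioned in the reply above (not code from the thread or from bench): the functions below create a self-signed certificate for a local-only name with openssl and confirm which hostnames it covers. The name site1.local comes from the thread; the output directory, file names, key size and validity period are assumptions, and OpenSSL 1.1.1 or newer is assumed for `-addext`.

```bash
#!/usr/bin/env bash
# Added example: self-signed certificate for a local-only site name.
# File layout (<outdir>/<site>.key and <site>.crt) is an assumption.

make_selfsigned() {
    # $1 = site name (e.g. site1.local), $2 = output directory
    local site="$1" outdir="$2"
    mkdir -p "$outdir"
    # Subshell with a tight umask so the private key is owner-only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=${site}" \
          -addext "subjectAltName=DNS:${site}" \
          -keyout "${outdir}/${site}.key" \
          -out "${outdir}/${site}.crt" 2>/dev/null )
}

cert_matches_host() {
    # $1 = certificate file, $2 = hostname a client would connect to.
    # Succeeds only when the certificate's names cover that hostname.
    local crt="$1" host="$2"
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match"
}

# Runs only when called with arguments: ./selfsigned.sh site1.local ./certs
if [ "$#" -ge 2 ]; then
    make_selfsigned "$1" "$2" || exit 1
    if cert_matches_host "$2/$1.crt" "$1"; then
        echo "certificate for $1 written to $2"
    else
        echo "certificate does not cover $1" >&2
        exit 1
    fi
fi
```

Clients will not trust this certificate until it is added to their local trust store, and it is valid only for the exact name placed in the subjectAltName.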

Well the “certbot-auto is deprecated” message is a recent occurrence. I used to run bench setup lets-encrypt sitename and it used to work like a charm. Well, not anymore.

I was just astonished at how simple it was to implement from https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx and I didn’t even have to run a command from the bench.

I just want to be sure that there isn’t a functionality compromise in the way I installed lets-encrypt. Time will tell even if you guys can’t. :slight_smile:

Thanks

Jay

We can’t tell because you haven’t shared any of the relevant details about your versions, install methods, configuration, or errors encountered! :slight_smile:

Functionality will be self-evident here. On a local site, the reasons for wanting ssl are pretty limited anyway. If it’s working, there’s no problem. If it’s not working, you’ll have to share more info if you want help troubleshooting.

Well, this error is new and has reared up its head in the last 2-3 days I think. (Update: Actually I find posts about these errors from October. So it’s been around for a while). I’m not sure if renewals using the commands from the bench will also encounter errors.

This is the error I encountered: https://community.letsencrypt.org/t/your-system-is-not-supported-by-certbot-auto-anymore/135504

I may have to set up Lets Encrypt on another client site, so will post my experiences and more detailed messages and screenshots when I do.

It’s not a local site and the site does need https.

Thanks

Jay

I just noticed you mentioned certbot-auto, which has indeed been deprecated. Are you sure you followed the instructions linked in your original post to install?

Bench installs certbot via pip, I believe, which doesn’t rely on certbot-auto.

Yes, I had two instances when I tried to run the commands and it gave the certbot-auto deprecated message.

The commands I ran are:

  1. Add custom domain to site1.local by running sudo bench setup add-domain erp.example.com and enter site1.local when asked
  2. Set up letsencrypt by running sudo -H bench setup lets-encrypt site1.local --custom-domain erp.example.com

Not sure if something’s gone wrong with the script. Or if I did anything wrong.

I will know when I run that command again next.

Thanks

Jay

Hi @JayRam,
I guess you are referencing Bench lets-encrypt setup failing, right?

Was your error message in context of virtualenv?
For me the regular bench command to set up letsencrypt still does not work. But with the workaround in the above link everything works fine.

I believe it is not possible to install certs to a local site as it is not accessible from the internet. What is mostly done is to have the site name the same as the FQDN. The certbot process requires it to access and verify the site so it must be accessible from the internet.

Or if you want to have the site name not using FQDN, you should add-domain to the site and install certs to this FQDN. As you did at post #8 above.

And you can have multiple subdomains for the site, e.g. www.site1.com, erp.site1.com, and have each with its own cert installed.
Or use the wildcard *.site1.com using bench setup wildcard-ssl.