16

I've been following a couple of tutorials to add ssl to my server (node application).

I tried installing Certbot with the following line on by Ubuntu 20.04 server:

sudo add-apt-repository ppa:certbot/certbot

but got a warning and no install:

This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu.                                                                         
Note: Packages are only provided for currently supported Ubuntu releases.
More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or Ctrl-c to cancel adding it.*

After searching the net, there is mention of not using PPA, but to use an earlier standalone version - also mention of using snap - But I cannot find a concrete answer. I am using Express and not nginX.

Could someone suggest how to install, please?

Update

Ran sudo snap install certbot.

Result:

error: This revision of snap "certbot" was published using classic confinement and thus may perform
   arbitrary system changes outside of the security sandbox that snaps are usually confined to,
   which may put your system at risk.
   If you understand and want to proceed repeat the command including --classic.
SurvivalMachine
  • 2,843
Orange Juice Jones
  • 293

4 Answers4

12

You can use APT, PIP or SNAP to install on Focal / Ubuntu 20.04

(APT works - at least for now.)

But, do not use more than one install method, or mix them.

It sounds like you may have mixed install methods.
You may need to purge everything and start over?

Run these to clean up & delete Certbot first.
If you have certificate(s) already created you will need to recreate them.
Warning: The following lines will delete certbot and files completely!

sudo apt remove certbot* --purge # Purge any old certbots via apt.
sudo apt-add-repository --remove ppa:certbot/certbot # Remove certbot repo.
sudo snap remove certbot
sudo -H pip uninstall certbot; sudo -H pip3 uninstall certbot
pip uninstall certbot; pip3 uninstall certbot
sudo rm /usr/bin/certbot
sudo rm /usr/local/bin/certbot
rm ~/.local/usr/bin/certbot
rm ~/.local/bin/certbot
# You do not always need to delete the cert area, but it's usually best to start fresh:
sudo rm -rf /etc/letsencrypt
# Deactivate and remove any Certbot virtual Python environments you had running/setup.
# Example:
# `deactivate; sudo rm -rf /opt/certbot`
sudo apt update && sudo apt autoremove  # Re-update and remove any orphaned packages.

Just ignore any errors (not founds).
That should cover all bases - both system-wide and user only.

Now decide how you want to install it.
PICK ONE AND ONLY ONE. Do not mix installation methods.

Snap

Installing snaps is easy enough, but I personally dislike using it. I prefer using python pip (as of right now). Snap would be my second choice.

Snap is well documented for Ubuntu Focal on the Certbot site already as the default installation method.

Pip

Instructions are here at Certbot site - or, a more comprehensive guide I wrote for pip installs is here.

Apt

sudo apt show certbot

Package: certbot
Version: 0.40.0-1ubuntu0.1
Priority: extra
Section: universe/web
Source: python-certbot
Origin: Ubuntu

( https://packages.ubuntu.com/focal/certbot )

The APT version has always been many versions behind.
This is no exception.
The current APT version is at v0.40.0 -> (Released Nov 5, 2019).
The current PIP and SNAP versions are v1.19.0 (as of Oct 1 2021).

I recommend using something a bit newer than what APT offers. Since Certbot deals with security/SSL and sometimes the LetsEncrypt/Certbot folks make changes you definitely may want to update to immediately. You may not be able to do that if you use the APT version. And as far as I know you cannot use the Certbot PPA for Ubuntu Focal/20, either.

So, stick with pip -or- snap as your installation method.

B. Shea
  • 1,252
9

They have gotten rid of the apt it is now snap install certbot --classic

Nate
  • 540
  • 1
  • 8
  • 28
2

To install the latest version of a github certbot works on Ubuntu 20.04

sudo curl -o- https://raw.githubusercontent.com/vinyll/certbot-install/master/install.sh | bash

Happy Coding!

Stan S.
  • 487
2

As laid out nicely in the answer by B. Shea, there are three basic options to install certbot: via apt, Pip or Snap, and the good options are Pip and Snap. Now personally I don't like Snap – it provides lazy, bloated installation packages that always include all the dependencies. So I propose to use the Pip install route.

It is important to not simply install the certbot Pip package system-wide, because it will break Pip and other Python installations that use OpenSSL. (If that already happened to you, fix it first.)

Instead, use a virtual Python environment. There are official Pip-based installation instructions for certbot that follow this technique, and the following is my variant of them that, I think, fits better with the directory structure of Ubuntu systems:

sudo apt update
sudo apt install python3 python3-venv libaugeas0

sudo python3 -m venv /usr/local/share/certbot/
sudo /usr/local/share/certbot/bin/pip install --upgrade pip
sudo /usr/local/share/certbot/bin/pip install certbot certbot
sudo ln -s /usr/local/share/certbot/bin/certbot /usr/local/bin/certbot

After a new login to your terminal, you will then have the certbot command available:

$ which certbot 
/usr/local/bin/certbot
tanius
  • 6,610
  • 2
  • 42
  • 52