1

I'm running a Debian 8.11 (jessie) server (don't worry, a upgrade is plannend for later this year). It's a LAMP server, with addition to that, an ISPConfig installation. For the website (served through Apache), a SSL certificate is created with letsencrypt (or certbot, not sure if it's different). The thing is that it uses the old ACMEv1 protocol, which is deprecated and will be removed. Therefore, I'm trying to upgrade my certbot installation to use the new ACMEv2 protocol.

On the website of certbot it is stated that the packaged version of certbot must first be removed. However, this does not seem to be installed through a package manager. (apt-get remove certbot results in a Package "certbot" is not installed, so not removed).

Now I could manually remove all folders from certbot and letsencrypt, but that doesn't seem like the right way to do things. If I do a find for certbot and letsencrypt, I get the following data back:

find / -name certbot 2>/dev/null
/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot
/root/.local/share/letsencrypt/bin/certbot
/opt/certbot

find / -name letsencrypt 2>/dev/null
/root/.local/share/letsencrypt
/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt
/root/.local/share/letsencrypt/bin/letsencrypt
/var/log/letsencrypt
/var/lib/letsencrypt
/etc/letsencrypt

In addition, I do not know how the certificates are currently being renewed automatically. The system was set up by someone who is no longer available, so I can no longer request that data. I looked in crontab and the like, but I couldn't find anything there. The output of crontab -e:

0 19 * * * /var/scripts/{{WEBSHOP}}_feed_generator.scr
15 19 * * * /var/scripts/{{WEBSHOP}}_channable_feed_generator.scr

0,15,30,45 * * * * curl --silent https://www.{{WEBSHOP}}/index.php?route=ne/wapcron/do_scheduled

0 7,13,19 * * * /var/backups_www/scripts/createBackup.sh
* * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done
* * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done

So actually I have three questions;

  1. How do I find out how the certificates are automatically renewed / how can I stop it so that it does not interfere with the new system
  2. How can I properly remove the old system?
  3. If the above parts are done, can I follow the installation instructions for certbot-auto? Or are more steps required?
Mathlight
  • 123
  • 1
  • 6
  • did you check crontabs? – A.B Mar 01 '20 at 18:19
  • @A.B, yes I did. I've added the output of `crontab -e` for clarification. – Mathlight Mar 01 '20 at 18:23
  • 1
    are you supposed to mess with that yourself when its probably ispconfig doing it for you? opinion, but: you have a mystery box, one that badly needs an update anyway. it seems to be a lost cause. if letsencrypt still works now you're good for another 3 months at minimum, plenty of times to make plans and migrate to a clean new uptodate box where you know exactly how it is set up. – frostschutz Mar 01 '20 at 18:24
  • 1
    this may or may not be your setup https://www.howtoforge.com/tutorial/perfect-server-debian-8-4-jessie-apache-bind-dovecot-ispconfig-3-1/2/#-install-lets-encrypt – frostschutz Mar 01 '20 at 18:26
  • @frostschutz, You are correct about your opinion. I do want to migrate to a new setup, but due to timing constraints I don't know if it will be on time. Nevertheless, your link did clear some things up. I ran the `/opt/certbot/./certbot-auto` command, in which certbot updated itself from version 0.12.0 to 1.2.0 and created new certificates. So I believe that concludes the whole upgrade to use ACMEv2. If you could put something like that in an answer, I can mark this question as answered. Thanks for your pointer. – Mathlight Mar 01 '20 at 18:37

0 Answers0