Installing Let's Encrypt Certificates

[Blue-Sassley]

When I try and install the Let's Encrypt's certificates, I get the error unable to generate certificates:

rtorrent@box:~$ sudo rtletsencrypt
IP: 7.8.7.4
DN: box.domain.com
certbot already installed
unable to generate certificates

When I hand run the command to generate the certificate out of the script this is the error I am getting:

rtorrent@box:~$ sudo certbot -q --nginx --register-unsafely-without-email --agree-tos certonly -d box.domain.com
The requested nginx plugin does not appear to be installed
rtorrent@box:~$

I did install certbot via sudo apt install certbot and then ran the script to get to the unable to generate certificates. Not sure what I am missing, this is a clean install on Ubuntu 20.04.1

[V33m]

From doing some quick research, there have been some issues with Certbot on Ubuntu Focal. I've not tested Let's Encrypt, so there probably is an issue which we have to look into. Unfortunately I'm not able to test this, so hopefully you can. There are several ways to do this, however, I think the most optimal is to take the road which Certbot recommends (https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx).

Start with removing certbot: sudo aptitude remove certbot python-certbot-nginx -y
Then copy the content in the attached file to rtletsencrypt and run rtletsencrypt: sudo rm /etc/rtinst/scripts/rtletsencrypt && sudo nano /etc/rtinst/scripts/rtletsencrypt && sudo chmod +x /etc/rtinst/scripts/rtletsencrypt && sudo rtletsencrypt.
rtletsencrypt.txt

[Blue-Sassley]

V33m, so I removed certbot like you said:

sudo aptitude remove certbot python-certbot-nginx -y

After that I ran the new script you attached, and got the following

rtorrent@box:~$ sudo rtletsencrypt
IP: 7.8.7.4
DN: box.domain.com
Installing certbot
Install Failed

So I then ran these commands from your script

aptitude -q=5 -y install snapd
snap install --classic certbot

And found both snapd and certbot were installed just fine so I just removed the chunk of code for installing certbot because it was already there and then re ran the script and then it worked perfectly:

rtorrent@box:~$ sudo rtletsencrypt
IP: 7.8.7.4
DN: box.domain.com
Certificates Generated
Replacing certificates in nginx and vsftpd
rtorrent@box:~$

[V33m]

Glad to hear that you finally got it to work. Regarding the "Install Failed" message, could you please run the following command to verify if the old code is able to check if certbot is successfully installed:
dpkg-query -W -f='${Status}' "certbot" 2>/dev/null | grep -c "ok installed"

In my case, I receive the message0 which implies that certbot is not installed, which is true.

[Blue-Sassley]

When I run just that I also get 0

rtorrent@box:~$ dpkg-query -W -f='${Status}' "certbot" 2>/dev/null | grep -c "ok installed"
0
rtorrent@box:~$

[V33m]

Good, then we have identified the issue. Please give me the output of the two commands below:

if [ $(snap list | grep -c "certbot") = 0 ]; then echo "Install Failed"
else  echo "Certbot is installed"; fi

if snap info certbot; then echo "Install Failed";
else echo "Certbot is installed"; fi

[Blue-Sassley]

Here you go:

rtorrent@box:~$ if [ $(snap list | grep -c "certbot") = 0 ]; then echo "Install Failed"
> else  echo "Certbot is installed"; fi
Certbot is installed

rtorrent@box:~$ if snap info certbot; then echo "Install Failed";
> else echo "Certbot is installed"; fi
name:      certbot
summary:   Automatically configure HTTPS using Let's Encrypt
publisher: Certbot Project (certbot-eff✓)
store-url: https://snapcraft.io/certbot
contact:   https://github.com/certbot/certbot/issues
license:   unset
description: |
  The objective of Certbot, Let's Encrypt, and the ACME (Automated
  Certificate Management Environment) protocol is to make it possible
  to set up an HTTPS server and have it automatically obtain a
  browser-trusted certificate, without any human intervention. This is
  accomplished by running a certificate management agent on the web
  server.

  This agent is used to:
    - Automatically prove to the Let's Encrypt CA that you control the website
    - Obtain a browser-trusted certificate and set it up on your web server
    - Keep track of when your certificate is going to expire, and renew it
    - Help you revoke the certificate if that ever becomes necessary.
commands:
  - certbot
services:
  certbot.renew: oneshot, disabled, inactive
snap-id:      wy7i66qPx4neXr6m9rTh7Y40h8EhtZFh
tracking:     latest/stable
refresh-date: today at 14:22 UTC
channels:
  latest/stable:    1.7.0               2020-08-04 (500) 49MB classic
  latest/candidate: ↑
  latest/beta:      1.7.0               2020-08-04 (500) 49MB classic
  latest/edge:      1.7.0-64-gd62d853ea 2020-08-30 (565) 49MB classic
installed:          1.7.0                          (500) 49MB classic
Install Failed
rtorrent@box:~$

[V33m]

Solved in rtinst v1.8.14.

[vincenthawke]

I’ll just post here to not open another issue as I have a similar one. Your script helped me install all the snap dependencies. First with No snaps are installed yet. Try 'snap install hello-world'. and then I found in this thread I also had to run snap install --classic certbot and this helped me go from:

IP: 1.2.3.4
DN: hostname
Installing certbot
Install Failed

To

IP: 1.2.3.4
DN: hostname
certbot already installed
unable to generate certificates

Is this because I absolutely have to buy and configure a domain name? (I don't have one yet) This script won’t generate SSL certificates for my IP because Let’s Encrypt wont allow that? My OS is Ubuntu 20.04.1 as well.
I purcahsed a cheap domain and configured a server block for it and I got:

Certificates Generated
Replacing certificates in nginx and vsftpd

It works now:)

We have to run sudo rtletsencrypt every 3 months right? Cronjob will do.

[V33m]

First with No snaps are installed yet. Try 'snap install hello-world'. and then I found in this thread I also had to run snap install --classic certbot and this helped me go from:

The issue is solved in latest rtinst v.1.8.15.

We have to run sudo rtletsencrypt every 3 months right? Cronjob will do.

Certbot comes with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running: sudo certbot renew --dry-run