installing certbot

[edwardsmarkf]

hello all -

previously i have installed certbot using dnf/yum and i see installing that way gives me version 1.7 -- but the certbot-auto script is version 1.9

the certbot-auto command came from using

Code: Select all

wget  https://dl.eff.org/certbot-auto ;

the certbot forum is now advising me to use snap https://snapcraft.io/docs/installing-snap-on-fedora instead of dnf to install certbot.

are there any centos opinions on this? i have gotten into serious trouble in the past by installing from sources other than dnf/yum using rogue rpm's.


side-note: this is the best forum i belong to. thank you all for your excellent responses to my questions, even the ridiculous ones.

[TrevorH]

We almost never recommend installing from source. Your best bet is to chase through bugzilla.redhat.com in the Fedora EPEL section and find out why it's backlevel - perhaps it's deliberate.

[edwardsmarkf]

thank you - i had previously raised the issue through Cerbot, and they are suggesting to use Snap:

https://community.letsencrypt.org/t/ver ... h/136103/7

it seems as if that Snap installs are some sort of superset over dnf/yum. and its very encouraging to see that Snap is a dnf/yum install.

its easy enough to understand why the dnf/yum version of Certbot is older since yum/dnf (in my experience) tend to wait a bit before approving newer releases.

my question is what are the thoughts of using Snap for any installations?

i suspect i would not notice the difference between Certbot 1.7 and 1.9 but still i wanted some other opinions, especially using snap to install anything. Unless i hear some positive thoughts on using Snap, i will not use it. But i am still very curious about it.

[TrevorH]

You just need to use dnf --enablerepo=epel-testing install certbot and you'll get 1.9.

Snap sounds like a good idea until you realise that it bundles an entire linux system with it as a runtime... If you like installing about 5GB of stuff to run a 20KB executable then they're fine!

[KernelOops]

certbot is garbage compared to these two shell scripts:

dehydrated https://github.com/dehydrated-io/dehydrated

acme.sh https://github.com/acmesh-official/acme.sh

take a look at both and decide which one you like to use, both are great scripts and highly recommended over that certbot garbage.

[edwardsmarkf]

TrevorH - i know i say this often, and you may get tired of hearing it, but THANK YOU.

[edwardsmarkf]

certbot is garbage compared to these two shell scripts:

dehydrated https://github.com/dehydrated-io/dehydrated

acme.sh https://github.com/acmesh-official/acme.sh

take a look at both and decide which one you like to use, both are great scripts and highly recommended over that certbot garbage.

interesting - i will investigate.

acme.sh looks particularly interesting in that its just a shell script (a very powerful script, but still a script). thank you KernelOops.

[KernelOops]

Both are plain shell scripts. Their authors have done a remarkable job. Both scripts are able to run with very little memory usage, thus they are great for small devices, cloud servers with little memory and tons of other uses.

In addition, acme.sh also supports a wide range of hosting providers DNS API, thus certficate updates don't require an open port 80, more details here:

https://github.com/acmesh-official/acme.sh/wiki/dnsapi