Certbot repository issue

re: Ubuntu 20.

I don't remember exactly but I THINK I installed Certbot as instructed by the Linode guide using SNAP.

https://www.linode.com/docs/guides/how-to-install-certbot-for-apache-on-ubuntu-20-04/

When I do an "apt update" I get this message:

"The repository 'http://ppa.launchpad.net/certbot/certbot/ubuntu focal Release' does not have a Release file"

I've done some research and some websites say I should delete the repository.

What is the "Linode way" that I should do this? IS it:

sudo apt-add-repository -r ppa:certbot/certbot

or should I even bother?

If I don't do anything will Certbot NOT renew the certificate when the time comes? I did the 'dry run' and got no error messages:

sudo certbot renew --dry-run

What is the story here. I'm sure some of you have faced this issue.

Thanks, per usual.

7 Replies

You should delete the PPA repository from consideration by apt(1) and use the released version of certbot(1) instead.

apt-cache show certbot

Alternatively, you can fix the error wrt the PPA:

https://www.linuxtechi.com/fix-repository-release-file-error-ubuntu/

You write:

If I don't do anything will Certbot NOT renew the certificate when the time comes?

As long as certbot(1) is installed/configured correctly, it should function correctly. The issue you're having is solely with apt(1) and the configuration of the PPA.

@andysh will disagree but…

Word to the wise… Unless you REALLY (!!!) know what you're doing, I'd avoid PPAs like the plague. They can be extremely useful but that utility comes with a high price, IMHO. Most of that price comes in needless frustration and lost hair…

PPAs can cause problems like this when the PPA developer screws up and uploads a misconfigured PPA or a PPA suddenly goes "unsupported" for your configuration (which is probably what happened here). PPAs can also cause problems during release upgrades…i.e., when you upgrade your Ubuntu to 22.04 ("limp lamprey" or whatever it's going to be called).

-- sw

The error you're seeing is due to a change in the way certbot is distributed. Certbot now only supports installing through Snap instead of package managers like Yum and APT. Our Docs team is working on updating our documentation with the new installation process, but the link Lou provided can walk you through that now.

And Steve's correct regarding the functionality. As long as certbot is configured properly your certificate renewals should continue to work. Having said that, it might make sense to switch over to the Snap distributed certbot to ensure you receive any security fixes and new features.

The Ubuntu packages repository at

https://packages.ubuntu.com/search?keywords=certbot

lists the certbot package as installable by apt(1) at least through 21.10…with no dependencies on snap/snapd.

Snaps, no matter how useful, come with a fairly heavy price (IMHO):

  • They're not standard. Although snap/snapd are available on several different distros, the technology belongs to Canonical.

https://thenewstack.io/canonicals-snap-great-good-bad-ugly/

  • They duplicate resources. certbot(1) is a great example… If you install the certbot snap, you will get a copy of python3 for use only by the certbot snap. If you decide to install something else that requires python3 (say fail2ban), you will need a system-wide copy of python3 for that.

https://askubuntu.com/questions/1261630/why-are-snaps-so-bulky

It gets worse… Lets say you install 2 different snaps that both need python3…say the certbot snap and the fail2ban snap… You'll get a copy of python3 for each snap. The snaps do not share (they are "self-contained"). The amount of disc space required to install python3 is not trivial (~30 MiB by my rough calculation).

  • Snaps update themselves automagically…bad news if some script-kiddie snap developer uploads a broken snap. Every system in the world that uses that snap is going to break unexpectedly.

https://raymii.org/s/blog/Ubuntu_Snap_auto_updates_broke_my_development_setup.html

Choose wisely, grasshopper…

-- sw

Well whaddaya know! I just tested on a brand new Ubuntu 20.04 Linode and running apt search certbot found the official certbot package. I was basing my answer off of the official documentation, but never thought to check the default repos for certbot too.

It does look like they're a bit out of date in those repos, but they're not too far behind. The latest snaps are on v1.15 but the packages in apt only go up to v1.12.

It's good to know there's a bit more flexibility then having to install it as a snap though!

How can I find out if I installed via snap or via apt-get?

Al

@acanton77 writes:

How can I find out if I installed via snap or via apt-get?

You wrote in your OP:

When I do an "apt update" I get this message:
 
"The repository 'http://ppa.launchpad.net/certbot/certbot/ubuntu focal Release' does not have a Release file"

This leads me to believe you installed a PPA using apt(1). AFAIK, PPAs are not available via snaps:

  • Save your certbot configuration someplace (mine's in /etc/letsencrypt).
  • Remove certbot:
apt remove certbot

(DANGER WILL ROBINSON!)

  • Remove the apt(1) configuration instructions for the PPA located in /etc/apt/sources/sources.list & /etc/apt/sources/sources.list.d. See:

https://itsfoss.com/how-to-remove-or-delete-ppas-quick-tip/

(You can skip the GUI method as you probably don't have a GUI. Use the ppa-purge method at your own risk).

  • Do an
apt update
  • Install from the release package:
apt install certbot
  • Re-apply your certbot configuration. (if necessary…DANGER WILL ROBINSON!)

To find out if a package is installed:

dpkg -l | grep <packageName>

<packageName> is certbot, snap, whatever.

This is for Debian but it should be the same for Ubuntu (remember that Debian is Ubuntu's upstream source):

[email protected]:~$ dpkg -l | grep snap
[email protected]:~$ dpkg -l | grep certbot
ii  certbot                           0.31.0-1+deb10u1             all          automatically configure HTTPS using Let's Encrypt
ii  python3-certbot                   0.31.0-1+deb10u1             all          main library for certbot
ii  python3-certbot-apache            0.31.0-1                     all          Apache plugin for Certbot

If you have snap/snapd installed (not a good idea, IMHO, for reasons given above), you can find out which snaps you have installed by following the instructions here:

https://askubuntu.com/questions/979233/how-to-list-files-installed-by-a-snap-package

-- sw

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct