-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create an official PPA for Ubuntu letsencrypt packages #1706
Comments
👍 |
1 similar comment
👍 |
👍 |
👍 |
pretty please? |
Yes please! |
Yes, please. |
+1 |
2 similar comments
+1 |
+1 |
There has been a ton of effort spent on @pde - please clarify above and provide ETA on the PPA. |
For recent versions of Ubuntu, the package in Debian unstable should work fine. Once we have backported the package to Debian jessie, making it work in Ubuntu 14.04 should be easier. This will of course require packaging a number of dependent libraries as well. |
+1 for a PPA to provide a more traditional/standardized way of installing unpackaged software. |
The update we got last week from Harlan was that various debian maintainers had done a great job of backporting all of our python dependencies, but the outstanding blocker was |
Can't the Sphinx doc building be temporarily disabled for PPA packages? As a user, I'm perfectly fine with having to go online to check documentation (in fact I prefer that instead of reading local HTML files in /usr/share/doc/). |
if it's only the
reason: |
The proposal by @zwetan to separate the debs for the application and the documentation is already well proven by many other applications, from GIMP to LibreOffice. It benefits the developers, who don't have to rebuild the documentation every time there is a security upgrade, and it gives them have the freedom to update the documentation during application quiet-times. I commend the idea. |
There is already letsencrypt in The docs seem to be optional deps there. |
my point exactly, some servers in prod only rolls with LTS -> security patches -> next LTS |
Most recent update is that a sphinx backport has unblocked packaging for Debian 8, and a PPA will be on the way shortly afterwards. |
@zwetan 👍 I can't use letsencrypt since I'm using 14.04 and there is no official repo for 14.04 |
👍 |
1 similar comment
👍 |
Hi all, can I use the cited PPA https://launchpad.net/~certbot/+archive/ubuntu/certbot It is secure, reliable, and updated? |
As for all PPAs, this is your call. However, @oerdnj is a Debian packager and already does an awful lot of work in other PPAs for Ubuntu (e.g. his incredibly useful PHP PPA). If you trust him, you can trust his PPAs.
The git version sets up a Python virtualenv to build the software and installs all of the associated dependencies locally. A PPA does this behind the scenes so there are fewer end-result packages. |
This PPA is ready for use! We'll be updating certbot.eff.org to tell people to use it over @hlieberman, @oerdnj: can you remove "(semi-official)" from the title of the PPA? |
Any chance of getting the PPA renamed to |
When will the PPA be updated? Version 12 has been out for 13 days. |
im pretty sure you need a prefix to a ppa so it knows which user and repo it belongs too, or else it wont know which repo in that username to pick, I may be wrong, someone else can chime in, of all the ppa i use none just have a prefix.
…Sent from my iPhone
On Mar 15, 2017, at 5:18 PM, Geoffrey Fairchild ***@***.***> wrote:
I like @elyscape's suggestion.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@elyscape That would force all the people that are already using the ppa to change their configurations just for aesthetics, so sorry, no, that's not an option at this stage. |
@chrismccoy ,
As I was writing this, @oerdnj replied, so the point is now moot anyways :) |
A PPA named just 'ppa' can be added, as @elyscape says, with a shortened In terms of updates, 0.12 has not yet landed in Debian (not even sid or experimental). Once it has, and has been suitably wrangled, it should make its way into the PPA:
I assume you want a tested, working package to deploy? :) --edit |
@enoch85 Is there anything broken for you? #4233 is troubling, but that's it. I usually follow @hlieberman workflow and he apparently hasn't had time to update Debian packages yet, and I don't want to step on his toes. I can pull a patch from #4243 on top of 0.11.1 if this gives problems for more people using this PPA, but I don't really follow this "new version just for a sake of new version" worldview. |
@bmw "(semi-official)" removed. If you have any other suggestions for the title or description, I would be happy to change it. |
@oerdnj No, not yet but maybe soon, as I converted to this PPA from the git version which is 12 and I get warnings about the certs generated with 12. Would be awsome with an update. And as always, you rock! |
how long does it usally take to get an update from the launchpad maintainers, i see certbot/certbot on launchpad is at 0.11.1 and 0.12 is out on github.com |
@chrismccoy Read the comment by the maintainer of the PPA three comments back from yours, i.e. #1706 (comment). |
Getting this when trying to install a new cert with Certbot 12 from the PPA in this issue. Don't know if it's a Let's Encrypt bug or something with the PPA. Also reported it here: https://community.letsencrypt.org/t/ubuntu-14-04-with-certbot-auto-failing-tls-sni-challenge-with-apache/33439/2
My certs are generated correctly, but I think someone should look into the python warning message. |
@oerdnj Sorry to bother you, but is there any way I can follow the packaging of the new versions? i.e. when a new package will/could be ready. I'm waiting for new packages (v0.14.x) so I can auto-renew certs using Cloudflare and DNS auth. |
@shaneog There's no plan as it's on "free time right now" basis (unless there would be a critical bug). However update to 0.14.1 seems as a simple update, so I am uploading the builds right now. |
Thank you! |
Since the crontab created by installing from the PPA doesn't include the /bin/run-parts bit anymore, what's the recommended way of specifying renew hooks? For now, I'm just changing my /etc/cron.d/certbot script back to what @oerdnj had in place a few months ago (I'm on Ubuntu 16.04):
...and putting my hook scripts in those directories. Is there a better way to go about this? |
It depends on what you'd like to accomplish. There are two main options, but make sure you read the warnings I placed at the bottom of this post. Global configuration fileYou can get behavior similar to the
The only behavioral difference between this and the previous crontab is these hooks sometimes also run when obtaining a certificate with other Certbot subcommands such as Certificate configuration fileAnother option is to define hooks per certificate. This allows you to run different hooks depending on the certificate. When you obtain a certificate, the hooks you used to obtain that certificate are stored in Warnings
|
Perfect, the global config file is exactly what I need, thanks! |
So what's the actual status of renewal hooks? Strange how this has become so messy. First it was a cronjob calling parts in different dirs, then a cli file, and now all I see with a clean install are the dirs, since the cli doesn't hold any info on it anymore. |
I agree it's super confusing and there is a ton of conflicting or outdated info about this. My understanding is that the current best practice is to use This is the best info I've found on it: https://community.letsencrypt.org/t/certbot-dovecot-postfix-certificate-renewal-issue/72226/11 |
yes, confusing (!)... But your link is also confuse and its content not reliable.... Hi all, can some of the experts to clean and summarize? Express a "reliable summary for 2020". |
Well, about title of this issue, "PPA for UBUNTU", the summary is there, seems perfect! |
@oerdnj I was curious what it takes to get an updated certbot + dns plugins in the repo nowadays? Specifically because certbot 1.2 is adding support for limited-scope Cloudflare DNS-01 tokens, which is a big security boost over the old way which required global API keys |
I don't think this is the right issue to be discussing that. This closed issue is about an apt repository for installing the |
Well, I was merely continuing on what drewcking asked, since the answer to that actually did not work in my case. Which has to do with the ubuntu LE packages (that aren't up to date).. |
It would be awesome if there was an official Ubuntu PPA for letsencrypt packages.
The text was updated successfully, but these errors were encountered: