Certbot Repository has been deprecated

[petrus9]

When I do a sudo apt update on the system I get:

The repository 'http://ppa.launchpad.net/certbot/certbot/ubuntu focal Release' does not have a Release file
So I try:

sudo apt-add-repository -r ppa:certbot/certbot

and get:

The PPA has been DEPRECATED.

To get up to date instructions on how to get certbot for your systems, please see https://certbot.eff.org/docs/install.html.
More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or Ctrl-c to cancel removing it.

As a side note, Have you thought of using acme.sh instead?

[petrus9]

just read that the certbot PPA is Ubuntu 18 only. 20.04 has its own certbot package or you can use Snap to get the latest: https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal

[MallocArray]

Thank you. The script for handling SSL certs was originally written by the Ubiquity forum member PetriR who designed it for Debian and I brought it over to Ubuntu and for the latest Stack file, Ubuntu 20.04. I didn't have a great way to test it, so I didn't see that it wasn't supported.

I'll keep this open until I have time to look into it, or if you want to look at the file /cloud-init/startup.sh and submit a PR or recommend code changes, I would be happy for some collaboration.

[petrus9]

Ok, thanks, @MallocArray I will take a look and see what I can do.

one thing that I am wondering about is how you are taking care of getting the public ip updated for for the domain so that certbot or acme.sh is able to verify the domain. I see that you allow for a ddns url in the stack variables. Is this how it is taken care of?

[MallocArray]

Same type of situation. I'm using the PetriR script contents but not entirely sure what the ddns step does. It looks like it just does a curl -fs to the ddns address, but not sure how that helps, unless the url you provide has all of your authentication information in it.

[petrus9]

In my testing, adding an update URL with authentication info does not work.

The problem I think too is that the Compute instance gets assigned an ephemeral ip address at some point during the installation.
The script then has to determine the ip address and send this to update the DDNS server before the lets encrypt script runs.

The question then is: at what point in the process is the ip address available in the compute instance during the stack build process. Do you have any idea?

Also how is the DDNS Variable transferred to the install script?

I am thinking of using the GlennR Easy install script to install the cert as well.
For this we first have to have the DDNS record be updated and then run the unifi-latest script like this: Where the domain name and email variables be passed to the script.
The script takes care of installing the latest certbot and creating and installing the ssl cert.

/unifi-latest.sh --skip --add-repository --fqdn domain-name-variable-here --email your-email-variable-here --retry 5