Update only acme, please help me

NethServer release 7.3.1611 (Final)
3.10.0-693.2.2.el7.x86_64
Email
Groupware WebTop 5
Messaggistica istantanea
Nextcloud
Server MariaDB (MySQL)
Web mail Roundcube

Hello,
i have recived this alert:

etc/cron.daily/nethserver-letsencrypt-certs:
An unexpected error occurred:
The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 for more information.
Please see the logfiles in /var/log/letsencrypt for more details.

Would it be possible via cmd to update only acme?

I cannot update Nethserver as the update blocks Nextcloud.

Thank you

@gperna

Hi

Your system is way too old.

LetsEncrypt changed their CA cert, your old system missed all the steps pointing the new CA, so can’t handle this directly.

I’m running 7.9 at home, also a very old installation, upgraded along the way.
NethServer including LetsEncrypt works without issues, so does Nextcloud, RoundCube and several other (newer) stuff.

I don’t use Webtop, but I can confirm it has come great steps, and works well under NethServer 7.9.

So - make sure you have a backup AND a config backup working - and upgrade your server!

Any issues can be solved along the way, but I doubt you will have many. Maybe because your system is very old, you may have to do a couple of steps…
-> But it will work!

Note: All my systems run virtualized, it gives me more and faster options for disaster recovery, restore & more. A snapshot before any critical update, Live backups, etc…

Good luck!

My 2 cents
Andy

3 Likes

Hello ANDY,
thanks for you replay.

Please help me for

“So - make sure you have a backup AND a config backup working - and upgrade your server!”

i have the backup for veeam, but i not have the config backup,
Please help me for the config backup?

thanks

Hi

If still using the older Server-Manager / NethGUI (Port 980):

Bildschirmfoto 2021-07-16 um 09.39.10

This is what it looks like:

I would also suggest configuring a backup using the built in Duplicity in NethServer:

Here I’m using NFS to backup to a NAS, keeping a week (7 days) of backups.
A USB Disk will also work, another Option is a Samba / Windows share.

After Updating, eg with 7.9, you will have much more backup options!

My 2 cents
Andy

1 Like

Of course it’s also possible at cockpit.


The configuration backup is pre-configured and saved in

/var/lib/nethserver/backup/


You only have to schedule the data backup.



Also like @Andy_Wismer mentioned do a snapshot too.

@m.traeumner

And Cockpit was available already in 7.3 ? :slight_smile:
I edited my first post - not enough coffee at that time…

My 2 cents
Andy

1 Like

Do you have one for me too?

It was not part of 7.3.
You can install it at 7.3, but this makes no sense.

1 Like

It sounds like that really needs to be fixed, and your Nethserver upgraded–though given its age, that’s likely to be a fairly involved process. But I’m not sure that’s needed immediately; it would be a very old version of certbot indeed that didn’t support ACMEv2. What version do you have? certbot --version will tell you.

Edit: It looks like certbot update_account may do what you need.

1 Like

Hello danb35,
please help me to update only certbot.

# certbot --version
certbot 0.18.1

# certbot-2 --version
certbot 0.18.1

# certbot update_account
usage:

  • certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …*

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: update_account

I wont update certbot 1.11.0 1.el7 and .dependencies
thaks

@gperna IMVHO updating only certbot is going to create another problem to manage.
If Nextcloud is critical, the whole system needs to be updated. For corrections. For security patches. And for correctly interact with the future.

It will be long. Not easy. Not 1-step. Not without mistake. So take the task as a long chess match.
Do a plan.
Try to find into the plan what could possibly go wrong.
Consider failing as an option.
And biggest advice ever BBB. Best Backup Before. More than one. On more than one destination.

Bad luck is quite a b!tch

1 Like

That is very, very old. I’m not quite sure how Neth does the repo locking to prevent inadvertent upgrades, but try yum upgrade certbot --enablerepo=epel.

Thanks danb35,
i have try yum upgrade certbot --enablerepo=epel

can i upgrade certbot?

thanks

Looks to me like it would be safe to upgrade. If you’re concerned, you can always take a snapshot of the VM first.

1 Like