Update only acme, please help me

gperna · July 16, 2021, 6:23am

NethServer release 7.3.1611 (Final)
3.10.0-693.2.2.el7.x86_64
Email
Groupware WebTop 5
Messaggistica istantanea
Nextcloud
Server MariaDB (MySQL)
Web mail Roundcube

Hello,
i have recived this alert:

etc/cron.daily/nethserver-letsencrypt-certs:
An unexpected error occurred:
The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 for more information.
Please see the logfiles in /var/log/letsencrypt for more details.

Would it be possible via cmd to update only acme?

I cannot update Nethserver as the update blocks Nextcloud.

Thank you

Andy_Wismer · July 16, 2021, 6:50am

@gperna

Hi

Your system is way too old.

LetsEncrypt changed their CA cert, your old system missed all the steps pointing the new CA, so can’t handle this directly.

I’m running 7.9 at home, also a very old installation, upgraded along the way.
NethServer including LetsEncrypt works without issues, so does Nextcloud, RoundCube and several other (newer) stuff.

I don’t use Webtop, but I can confirm it has come great steps, and works well under NethServer 7.9.

So - make sure you have a backup AND a config backup working - and upgrade your server!

Any issues can be solved along the way, but I doubt you will have many. Maybe because your system is very old, you may have to do a couple of steps…
-> But it will work!

Note: All my systems run virtualized, it gives me more and faster options for disaster recovery, restore & more. A snapshot before any critical update, Live backups, etc…

Good luck!

My 2 cents
Andy

gperna · July 16, 2021, 7:24am

Hello ANDY,
thanks for you replay.

Please help me for

“So - make sure you have a backup AND a config backup working - and upgrade your server!”

i have the backup for veeam, but i not have the config backup,
Please help me for the config backup?

thanks

Andy_Wismer · July 16, 2021, 7:31am

Hi

If still using the older Server-Manager / NethGUI (Port 980):

Bildschirmfoto 2021-07-16 um 09.39.10

This is what it looks like:

I would also suggest configuring a backup using the built in Duplicity in NethServer:

Here I’m using NFS to backup to a NAS, keeping a week (7 days) of backups.
A USB Disk will also work, another Option is a Samba / Windows share.

After Updating, eg with 7.9, you will have much more backup options!

My 2 cents
Andy

m.traeumner · July 16, 2021, 8:26am

Of course it’s also possible at cockpit.

The configuration backup is pre-configured and saved in

/var/lib/nethserver/backup/

config_backup640×780 52.4 KB

You only have to schedule the data backup.

schedule1904×769 28.4 KB

schedule2905×773 41.2 KB

schedule3908×771 39.4 KB

schedule4904×774 31.1 KB

Also like @Andy_Wismer mentioned do a snapshot too.

Andy_Wismer · July 16, 2021, 8:38am

@m.traeumner

And Cockpit was available already in 7.3 ?
I edited my first post - not enough coffee at that time…

My 2 cents
Andy

m.traeumner · July 16, 2021, 9:38am

Do you have one for me too?

It was not part of 7.3.
You can install it at 7.3, but this makes no sense.

danb35 · July 16, 2021, 11:26am

It sounds like that really needs to be fixed, and your Nethserver upgraded–though given its age, that’s likely to be a fairly involved process. But I’m not sure that’s needed immediately; it would be a very old version of certbot indeed that didn’t support ACMEv2. What version do you have? certbot --version will tell you.

Edit: It looks like certbot update_account may do what you need.

gperna · July 21, 2021, 7:05am

Hello danb35,
please help me to update only certbot.

# certbot --version
certbot 0.18.1

# certbot-2 --version
certbot 0.18.1

# certbot update_account
usage:

certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …*

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: update_account

I wont update certbot 1.11.0 1.el7 and .dependencies
thaks

pike · July 21, 2021, 8:07am

@gperna IMVHO updating only certbot is going to create another problem to manage.
If Nextcloud is critical, the whole system needs to be updated. For corrections. For security patches. And for correctly interact with the future.

It will be long. Not easy. Not 1-step. Not without mistake. So take the task as a long chess match.
Do a plan.
Try to find into the plan what could possibly go wrong.
Consider failing as an option.
And biggest advice ever BBB. Best Backup Before. More than one. On more than one destination.

Bad luck is quite a b!tch

danb35 · July 21, 2021, 10:07am

That is very, very old. I’m not quite sure how Neth does the repo locking to prevent inadvertent upgrades, but try yum upgrade certbot --enablerepo=epel.

gperna · July 21, 2021, 1:11pm

Thanks danb35,
i have try yum upgrade certbot --enablerepo=epel

can i upgrade certbot?

thanks

danb35 · July 21, 2021, 1:23pm

Looks to me like it would be safe to upgrade. If you’re concerned, you can always take a snapshot of the VM first.

crx · August 5, 2021, 6:46am

Did it work ok to upgrade only certbot?

gperna · August 5, 2021, 7:00am

yes, it is work fine.

thanks

crx · August 5, 2021, 7:52am

Thank you for your prompt answer. After upgrading, renewed the certificate according to ACMEV2, from the NETH interface? Everything went normal after renewal?