Environment: CentOS 8, Certbot, Let's Encrypt

On CentOS distributions certbot / Let's Encrypt uses snap to keep SSL certificates up to date. Below are the instructions.

certbot instructions: Nginx on CentOS/RHEL 8

$ sudo snap install core; sudo snap refresh core

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

$ sudo certbot --nginx

However, in a comment to this question Michael Hampton indicated that snap is not commonly used for CentOS distributions and not necessarily needed for this job.

This isn't really an issue on CentOS where the packages are kept up to date. You could try to use the snap, but snap is largely yet another technologically questionable Canonical thing and most everyone else in the world ignores it.

How might certbot / Let's Encrypt be set up on CentOS / NGINX so that a certificate is downloaded and kept up to date without snap? I'm beginning to realize that the fewer technologies I use the less chance something might go wrong in the future.

myNewAccount

1 Answer

certbot is available on EPEL. Follow these instructions to add the Extra Packages for Enterprise Linux (EPEL) to your system. After that certbot can be installed like any other package with `yum install certbot`.

The certbot package is then updated along with the other packages on the system when running `yum update`.

Henrik Pingel
  • Isn't certbot just a utility? Even if it's kept up to date that wouldn't necessarily mean that the certs it installed are kept up to date. Or do I understand certbot incorrectly? – myNewAccount Feb 22 '21 at 18:08
  • That's true. But snap is only about updating the certbot package itself, not certificates. You need a cronjob for that. The package comes with `certbot-renew.service`. Check that, I guess it takes care of that. – Henrik Pingel Feb 22 '21 at 18:12
  • Or rather you should enable and start `certbot-renew.timer`, which will start the renew service periodically. – Michael Hampton Feb 22 '21 at 18:47
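
The setup described in the answer and comments above, as an added example that is not part of the original thread: install certbot from EPEL, enable `certbot-renew.timer`, then verify that renewal is actually scheduled and that no certificate is close to expiry. It assumes the EPEL nginx plugin package `python3-certbot-nginx` and certbot's default `/etc/letsencrypt/live` layout; the function names and the `SYSTEMCTL` / `LIVE_DIR` overrides are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: certbot from EPEL on CentOS 8 + nginx, no snap.
# SYSTEMCTL and LIVE_DIR are overridable (an assumption of this sketch) so the
# checks can be exercised on a machine without systemd or real certificates.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"   # certbot's default layout
TIMER="certbot-renew.timer"                     # unit named in the comments above

install_certbot() {
    sudo yum install -y epel-release
    sudo yum install -y certbot python3-certbot-nginx   # nginx plugin for --nginx
    sudo certbot --nginx                                # obtain and install the cert
}

enable_renewal() {
    sudo systemctl enable --now "$TIMER"   # schedule renewals, persist across reboots
    sudo certbot renew --dry-run           # exercise renewal against the staging CA
}

# Exit 0 only if the timer is enabled (survives reboot) AND active (armed now).
renewal_timer_ok() {
    enabled=$("$SYSTEMCTL" is-enabled "$TIMER" 2>/dev/null) || true
    active=$("$SYSTEMCTL" is-active "$TIMER" 2>/dev/null) || true
    if [ "$enabled" != "enabled" ]; then
        echo "$TIMER is ${enabled:-unknown}: not started at boot"; return 1
    fi
    if [ "$active" != "active" ]; then
        echo "$TIMER is ${active:-unknown}: no renewal run is scheduled"; return 1
    fi
    echo "$TIMER is enabled and active"
}

# Exit 1 if any certificate expires within $1 days (default 30).
certs_fresh() {
    days="${1:-30}"; rc=0
    for cert in "$LIVE_DIR"/*/cert.pem; do
        [ -f "$cert" ] || continue
        if ! openssl x509 -checkend $((days * 86400)) -noout -in "$cert" >/dev/null; then
            echo "expires within $days days: $cert"; rc=1
        fi
    done
    return $rc
}

case "${1:-}" in
    install) install_certbot && enable_renewal ;;
    check)   renewal_timer_ok && certs_fresh 30 ;;
esac
```

Run it with `install` once, then with `check` as root from monitoring; a failing `check` means the package is current but the certificates are not being renewed.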