1

I have Ubuntu 16.04 servers that need to have SSL certs installed on them.

I noticed that Ubuntu 16.04 has the "letsencrypt" package. But Certbot's site has this warning:

> Ubuntu Xenial has an old version of Certbot packaged for it that lacks a few features. The webroot plugin doesn't have an interactive mode, so you'll need to specify your domains and webroot paths on the command line to use this plugin.

That makes me wonder: Is it okay to just simply fetch the certbot-auto script from Certbot's site and use that script, the same way as it would be with Ubuntu 14.04?

Will it work? Will there be any drawbacks?

pepoluan

1 Answer

1

The main advantage of using official distribution packages is that someone trusted has reviewed the package itself - this is an additional layer of security and confidence. If you can, stick with what your (official) repository provides.

If your repository doesn't provide a certbot package (i.e., older Ubuntu/RHEL versions), you have no choice but to use what LetsEncrypt provides - namely the certbot-auto script. In this case, the main drawback is the loss of the security guaranteed by a distro-specific official repository.

shodanshok
  • Yes, there's that. But if the source can be trusted (and actually provided a way to ensure trustworthiness, e.g., GPG signature), then the trust matter shouldn't be a major issue. As it is right now, the `letsencrypt` package provided by Ubuntu is (1) slightly buggy, and (2) does not have features available in the latest version. – pepoluan Jan 14 '17 at 06:18
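The comment above names a GPG signature as the way to trust a script fetched outside the distribution's repository. The following is an added example, not part of the original posts or of Certbot's own tooling: shell functions that accept a download only when gpg reports a valid signature from a pinned key. The function names, the `PINNED_FPR` placeholder and the `certbot-auto.asc` signature file name are assumptions, and the publisher's key is assumed to be imported already.

```shell
#!/bin/sh
# Pinned primary-key fingerprint of the publisher (40 hex digits).
# PLACEHOLDER: obtain the real value from the publisher's documentation
# over a separate trusted channel; the page does not give one.
PINNED_FPR="${PINNED_FPR:-0000000000000000000000000000000000000000}"

# status_is_trusted STATUS_TEXT FINGERPRINT   (hypothetical helper)
# Reads gpg's machine-readable status lines (--status-fd output) and succeeds
# only if there is a VALIDSIG whose primary-key fingerprint equals the pin and
# no marker for a bad, unverifiable, expired or revoked signature or key.
# gpg still prints VALIDSIG for expired/revoked keys, so those are rejected
# explicitly instead of relying on VALIDSIG alone.
status_is_trusted() {
    printf '%s\n' "$1" | awk -v pin="$2" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key; the last field is the
            # primary key fingerprint, which is what gets pinned.
            if (toupper($NF) == toupper(pin)) ok = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }'
}

# verify_download FILE SIGFILE   (hypothetical helper)
# Verifies a detached signature and fails closed on any gpg error.
verify_download() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
    status_is_trusted "$status" "$PINNED_FPR"
}

# Intended use (file names are assumptions):
#   verify_download certbot-auto certbot-auto.asc && chmod +x certbot-auto
```

Checking the fingerprint in the status output matters because a plain `gpg --verify` exit code of 0 only says that some key in the keyring made the signature, not that the expected publisher did.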