Switch from snap to python-certbot on Jammy #76

Open
batonac opened this issue Nov 5, 2022 · 4 comments
Labels: enhancement, Hold

Comments

batonac commented Nov 5, 2022

Ubuntu 14.04 Jammy ships with Certbot V1+, unlike previous versions of Ubuntu. Could we switch over for this version of Ubuntu? The DPKGs take up a lot less space and require less complexity for containerized setups.

The main and feature packages are:
certbot - automatically configure HTTPS using Let's Encrypt
python3-certbot - main library for certbot
python3-certbot-dns-cloudflare - Cloudflare DNS plugin for Certbot
python3-certbot-dns-digitalocean - DigitalOcean DNS plugin for Certbot
python3-certbot-dns-dnsimple - DNSimple DNS plugin for Certbot
python3-certbot-dns-gandi - Gandi LiveDNS plugin for Certbot
python3-certbot-dns-gehirn - Gehirn DNS plugin for Certbot
python3-certbot-dns-google - Google DNS plugin for Certbot
python3-certbot-dns-linode - Linode DNS plugin for Certbot
python3-certbot-dns-ovh - OVH DNS plugin for Certbot
python3-certbot-dns-rfc2136 - RFC 2136 DNS plugin for Certbot
python3-certbot-dns-route53 - Route53 DNS plugin for Certbot
python3-certbot-dns-sakuracloud - SakuraCloud DNS plugin for Certbot
python3-certbot-dns-standalone - Standalone DNS Authenticator plugin for Certbot
python3-certbot-nginx - Nginx plugin for Certbot

@elindydotcom

There's something about those scripts related to multisite and wildcard ssl that prevents them from being used. They were originally used in earlier versions since, like you said, they are simpler. But then it was switched to the snaps when wildcard ssl was added for multisite. I don't remember the exact reason why wildcard ssl support was an issue though - just that using snaps resolved the issue.

elindydotcom added the enhancement and Hold labels Nov 7, 2022
batonac commented Nov 7, 2022

I would expect this to be due to the version, not the package type. Let's Encrypt wildcard support was issued sometime after the service was first introduced.

Snap packages allow you to track with the latest upstream release, which is great, but I'd expect that things have settled down quite a bit with the protocol by now. Any v1+ release of certbot should be feature-complete for the foreseeable future, which is why I'm suggesting it would be safe to revert back to the standard Debian packages in 14.04 specifically.

@elindydotcom

To switch away from snaps would likely have to be done in a major update (e.g., wpcd 6.0) since there would be backward compatibility issues to deal with and handle in the code for existing servers. Maybe even have to support both sets of packages for a while. Not sure it's something that can be easily handled near term.

batonac commented Nov 14, 2022

I'm not quite understanding, as I think it would be the same command/binary name/syntax either way, but I must be missing something.

Full disclosure, I'm already using these packages in production, in my WPCD Proxmox containers, and have been for some time. I simply install the packages and then block the installation of the snaps by placing an empty file in /root/.wpcd-server-provision-checkpoints/checkpoint100-end.txt in the default container template that's used for provisioning.
