Call for testing: certbot (Let's Encrypt)


#1

certbot is now available in edge as a classic snap. If you want a web server running on a system outside a snap (such as with apt install apache2 or apt install nginx), then this snap will get you HTTPS-enabled in one command.

To use, set up your web server as normal with HTTP first, then:

sudo snap install --classic --edge certbot
sudo certbot

This will prove to Let’s Encrypt that you control the domain you’re hosting by adjusting your web server to serve a special file for the proof, obtain a certificate from Let’s Encrypt, install it into your web server and configure your web server for HTTPS.

You can have the tool do specific individual steps instead; see certbot help for details.

This build follows upstream master, building daily and publishing to the edge channel if upstream integration tests pass.

I’m hoping to convince certbot upstream to maintain this snap. In the meantime, I’m maintaining a list of snap-specific issues at https://github.com/basak/certbot-snap-build/issues, and you can also see the build arrangements there (snapcraft.yaml, .travis.yml, etc).

Please test!


#2

Is there any chance this turns into a strict snap eventually?
Classic snaps cannot be used on Ubuntu Core (for obvious security reasons) and having letsencrypt supported for https in appliances would be really helpful.


#3

I don’t think this makes sense for the use case being addressed by this snap. A strict snap would not be able to prove domain ownership and configure HTTPS automatically for an HTTP daemon running outside itself. Creating an interface for such a thing would involve embedding or re-implementing certbot inside snapd’s implementation of the interface, which doesn’t seem practical.

It would make more sense for there to be a certbot part that can be added to confined snaps that provide HTTP daemons. I don’t see any reason why such a part couldn’t be maintained alongside the certbot classic snap (which would continue to exist for the “HTTP daemon running on traditional host system” use case), but I don’t have any plans to work on that side right now.

It’s been mentioned that the nextcloud snap already does something like this.

See "Certbot: request for classic snap approval" for some previous discussion on this.