User Tools

Site Tools


unix:letsencrypt:recoveringfrombrokeninstall

LetsEncrypt - recovering from bad install

The script for installing LetsEncrypt can break, especially if you do not watch for errors on your own system. For example, one of our techs did not notice the package installation failed on one of the installs, which resulted in an unusable system.

NOTE: The server itself was ok, and no services were affected, but certbot was not able to request or install certificates. After we fixed the errors, attempts to reinstall failed as the installer found the partial install and assumed all was still go. No “reinstall” or “uninstall” options were found.

The installation locations are not well documented, but we were able to locate enough of it so we could return the system to a fairly pristine state. Basically ran

find / -name letsencrypt -o -name certbot

to figure out what to do.

Do not run the following script if you have successfully installed a certificate via certbot. certbot “remembers” the state the server was in before it ran, and can return to that state, but not after running the following. Use the rollback option before running this:

./certbot-auto rollback

Anyway, it did the full, but broken, install. No instructions anyplace for how to remove it (it will only install dependencies if it is not installed already). So, I ran

rm -fRv /root/certbot/ root/.local/share/letsencrypt /etc/letsencrypt/
/var/lib/letsencrypt/ /var/log/letsencrypt/

Once I did that, it appears to have been cleanly uninstalled.

To completely remove the system (untested)

remove_certbot.sh
cd /opt/certbot
./certbot-auto rollback
rm -fRv /root/certbot/ root/.local/share/letsencrypt /etc/letsencrypt/
/var/lib/letsencrypt/ /var/log/letsencrypt/

Case Study

This is what happened with us. One of the techs did the install but missed a message from apt (debian system) that a repository was missing. The install script continues, but you end up with an unusable certbot install.

I tried rerunning the installer, deleting, then re-downloading the installer,and had no luck any time. Finally, I figured out the above script, ran it, then carefully started a new install. I saw the following error mesages:

./certbot-auto: 229: ./certbot-auto: lsb_release: not found ./certbot-auto: 231: ./certbot-auto: lsb_release: not found No libaugeas0 version is available that's new enough to run the

These do NOT stop the install; it just continues on, but creating a broken install. So, I removed it all again and fixed the lsb and libaugeas0 problems with the following:

fix.sh
echo 'deb http://http.debian.net/debian wheezy-backports main' > /etc/apt/sources.list.d/wheezy-backports.list
apt-get update
apt-get install -y lsb-release

Note: wheezy-backports has a newer version of libaugeas0, which is required for correct operation of certbot.

unix/letsencrypt/recoveringfrombrokeninstall.txt · Last modified: 2016/09/25 23:35 by 127.0.0.1