====== certbot / letsencrypt ======


Debian Buster has old ''certbot'' version 0.31
Install latest ''certbot'': 
  * https://packages.debian.org/pl/bullseye/certbot
<code bash>
apt install certbot python3-certbot-apache -t bullseye
</code>

===== obtain wildcard cert =====

<code bash>
# First obtain normal domain certificate
certbot -d 'example.com'

# Then obtain again with wildcard. It will ask to Expand existing cert.
certbot -d 'example.com,*.example.com'
</code>

==== using manual and DNS ====
<code bash>
certbot certonly --manual -d 'example.com,*.example.com'
</code>

TXT entry in following form has to be added:
<code>
_acme-challenge.example.com. 300 IN TXT "gfj9Xq...Rg85nM"
</code>
Ensure record is propagated:
<code bash>
$ host -t TXT _acme-challenge.example.com
_acme-challenge.example.com descriptive text "gfj9Xq...Rg85nM"
</code>


====== Issues ======

<code bash>
# certbot --verstion
An unexpected error occurred:
AttributeError: module 'certbot.plugins.common' has no attribute 'TLSSNI01'
Please see the logfile '/tmp/tmpb1cmrgsb/log' for more details.

# cat /tmp/tmpb1cmrgsb/log
2020-07-02 18:21:23,098:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==1.5.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1317, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 207, in find_all
    plugin_ep = PluginEntryPoint(entry_point)
  File "/usr/lib/python3/dist-packages/certbot/_internal/plugins/disco.py", line 54, in __init__
    self.plugin_cls = entry_point.load()
  File "/usr/local/lib/python3.7/dist-packages/pkg_resources/__init__.py", line 2443, in load
    return self.resolve()
  File "/usr/local/lib/python3.7/dist-packages/pkg_resources/__init__.py", line 2449, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python3/dist-packages/certbot_apache/entrypoint.py", line 4, in <module>
    from certbot_apache import configurator
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 32, in <module>
    from certbot_apache import http_01
  File "/usr/lib/python3/dist-packages/certbot_apache/http_01.py", line 13, in <module>
    class ApacheHttp01(common.TLSSNI01):
  File "/usr/lib/python3/dist-packages/certbot/plugins/common.py", line 443, in __getattr__
    return getattr(self._module, attr)
AttributeError: module 'certbot.plugins.common' has no attribute 'TLSSNI01'
2020-07-02 18:21:23,098:ERROR:certbot._internal.log:An unexpected error occurred:
2020-07-02 18:21:23,098:ERROR:certbot._internal.log:AttributeError: module 'certbot.plugins.common' has no attribute 'TLSSNI01'
</bash>

Solution:

<code bash>
pip list | grep apache
certbot-apache      0.31.0

pip uninstall certbot-apache
apt install python3-certbot-apache -t bullseye

# pip list | grep apache
certbot-apache      1.4.0


</code>