0

I'm looking for a way to use free SSL certificates in Apache running in Debian 6 squeeze.

I tried to use Lets-Encrypt

running

./certbot-auto --apache certonly --no-bootstrap

throws error

WARNING: couldn't find Python 2.7+ to check for updates.
Traceback (most recent call last):
  File "<stdin>", line 16, in <module>
  File "/usr/lib/python2.6/distutils/version.py", line 140, in __cmp__
    compare = cmp(self.version, other.version)
AttributeError: StrictVersion instance has no attribute 'version'

I tried to install python 2.7 in Sqeeze using 

apt-get install python-pip

but this throws error

Reading package lists... Done
Building dependency tree
Reading state information... Done
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
 openssl : Depends: libssl1.0.0 (>= 1.0.1e-2+deb7u5) but it is not installable
 python-pip : Depends: python-pkg-resources but it is not going to be installed
              Depends: python-setuptools (>= 0.6c1) but it is not going to be installed
 wkhtmltox : Depends: libssl1.0.0 but it is not installable
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

How to use free SSL certificates in sqeeze with Apache ?

Squeeze has also Mono last version installed from sources. Maybe some .NET or Mono ACME client can used.

Andrus
  • 169
  • 4
  • 12
  • Debian Squeeze is much, much too old to run certbot. Not to mention it has been EOL for quite some time. You will need to upgrade to a currently supported Linux distribution. – Michael Hampton Jan 04 '19 at 21:39
  • Squeeze server has large number of users and different heavily used applications. Upgrade is huge amount of work. I'm looking for a way to avoid it. – Andrus Jan 05 '19 at 07:59
  • The upgrade you're looking to avoid is already more than three years overdue. You won't be able to avoid it much longer. – Michael Hampton Jan 05 '19 at 13:07
  • Why it cannot avoided ? acme.sh script works OK in squeeze. I compiled latest openssl and mono from sources and they also work OK. Is it possible to do automatic upgrade from squeeze to latest using `apt-get dist-upgrade` or will this cause server to stop working. – Andrus Jan 05 '19 at 13:49
  • You must update because you don't have any security update on squeeze, have a look here: https://wiki.debian.org/fr/DebianReleases . You server is completely opened to any security fault that may have been discovered since support stopped... The update should be thoroughly tested before it's done on any production server.... – night-gold Jan 15 '19 at 14:08
  • Ports 80 for http, 443 for https, 22 for ssh and 5432 for Postgres are opened. Can you provide link to discovered security fault which can used ? I dont know any security fault. – Andrus Jan 16 '19 at 15:11

1 Answers1

2

Try acme.sh shell script instead (https://github.com/Neilpang/acme.sh). I haven't good experience with Certbot on such old distributions, but acme.sh worked quite good for me. Or upgrade your OS to newer version (how @Michael Hampton already said in his comment), but it could be hard sometimes or customers don't want to pay for :)

patok
  • 692
  • 1
  • 5
  • 15