[Letsencrypt-devel] Certbot in Debian Stretch

Peter Eckersley pde at eff.org
Wed Nov 30 20:45:45 UTC 2016

On Tue, Nov 29, 2016 at 09:59:06AM +0100, Daniel Pocock wrote:
> This would probably mean making sure the client is checking the network
> API version and giving the user helpful, distro-specific instructions if
> there is a mismatch, e.g. a Debian user would see a message "The Let's
> Encrypt API no longer supports your client version, it is now essential
> for you to install certbot by (running apt-get upgrade | using
> $RELEASE_N-backports)"
> To get the message exactly right, it would be useful if the certbot
> utility would actually check the apt catalog for both an SRU and
> backport and tell the user exactly which one is sufficient to get them
> going again.

We actually have some code that generates specific instructions of that exact sort;
it powers the Web application at https://certbot.eff.org/ ; the source code is


Unfortunately, it's written in the wrong language (JavaScript rather than Go)
for us to be able to easily have the boulder server return errors that send
these instructions to old copies of Certbot. So what we'd probably do is
tell people, "please install a copy of Cerbot greater than X; you can go
to https://certbot.eff.org/ if you need advice on how to do that on your OS"

Peter Eckersley                            pde at eff.org
Chief Computer Scientist          Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the Letsencrypt-devel mailing list