[CertBot] Remove certbot stretch packages on deinstallation + Binary fix #1217

Merged
merged 2 commits into from
Oct 30, 2017

MichaIng
Owner

No description provided.

@MichaIng MichaIng changed the title [CertBot] Remove certbot stretch packages on deinstallation [CertBot] Remove certbot stretch packages on deinstallation + Binary fix Oct 29, 2017
@MichaIng
Owner Author

MichaIng commented Oct 29, 2017

I just realized that we introduced a bug in CertBot for Jessie by just replacing the binary/script with the new certbot binary on apache+nginx, that is installed only on Stretch.

On the other hand, lighttpd and minio didn't use the new binary on Stretch and thus should fail there.

I first simplified the script, by merging $DP_LETSENCRYPT_SCRIPTS and $DP_LETSENCRYPT_BINARY and made them point to the right binary, depending on distro.

I added --apache/--nginx auto configuration argument just in case of Stretch, as it was before, but actually also the manually installed certbot-auto on Jessie supports these arguments. Should we auto configure apache and nginx by default, or allow users to choose on the whiptail page?

@Fourdee
Collaborator

Fourdee commented Oct 29, 2017

@MichaIng

> I just realized that we introduced a bug in CertBot for Jessie by just replacing the binary/script with the new certbot binary on apache+nginx, that is installed only on Stretch.

No worries 👍 Fixed in this PR?

> Should we auto configure apache and nginx by default, or allow users to choose on the whiptail page?

Auto configuration based on installed webserver? Would be ideal, cuts out unnecessary inputs from user.

@MichaIng
Owner Author

@Fourdee

> Fixed in this PR?

Yes, fixed it with second commit.

> Auto configuration based on installed webserver? Would be ideal, cuts out unnecessary inputs from user.

As said, on Stretch, auto configuration via --apache/--nginx is already done. On Jessie I want to test it first. At least according to the documentation it should be possible the same way: https://certbot.eff.org/docs/intro.html#installation

For testing I am building a virtual machine. First tried to run RPi2 with qemu, but that didn't work well, now found the virtualbox image and just need to activate Intel-VT on my machine to get it to run as x64. So hang on 😄.

@MichaIng
Owner Author

@Fourdee
After tinkering around a bit to get internet working, finally my DietPi VirtualBox runs nice and smooth. Could you provide also a Stretch version of this? Or also I could store a backup and manually upgrade to Stretch by changing apt sources. But yeah this procedure often breaks things 😝.

To test certbot-auto --apache/--nginx:
I can't run through the whole certbot process, as I have no domain available other than the one for my production server and also 80/443 are forwarded to it. Sadly there is no way to run through the whole certbot including webserver auto configuration, without this. I tried --test-cert and --no-verify-ssl, but I guess the domain needs to be available and ports forwarded in any case, for communication between certbot client and letsencrypt servers.

But the --apache option at least didn't produce any error, and the certbot docs are quite clear, that this will work (see link above). Anyway some test on a Jessie system with this would still be nice, before we gonna add it.

Another simple solution would be to install the certbot apt packages from jessie-backports: https://packages.debian.org/de/jessie-backports/python-certbot-apache
This branch is added to apt sources already and just needs to be used actively by apt command. Also we can adjust /etc/apt/preferences to automatically install/upgrade just these packages and their dependencies from jessie-backports. That way we could handle certbot on Jessie and Stretch the same way and also the apt packages provide less overhead (way less additionally installed packages), for whatever reason.

@Fourdee
Collaborator

Fourdee commented Oct 30, 2017

@MichaIng

> Yes, fixed it with second commit.

Excellent, thanks, I'll get this merged.

> VirtualBox runs nice and smooth. Could you provide also a Stretch version of this? Or also I could store a backup and manually upgrade to Stretch by changing apt sources. But yeah this procedure often breaks things

I'll update our VM images to Stretch:
https://github.com/Fourdee/DietPi/issues/1219

@Fourdee Fourdee merged commit a977663 into MichaIng:testing Oct 30, 2017
@MichaIng MichaIng deleted the patch-1 branch October 30, 2017 14:15