How do I install the Certbot package in my Lightsail instance for Let's Encrypt certificate installation?

Short description

Lightsail instances with Bitnami stacks, such as WordPress, LAMP, and so on, have their own installation tool called bncert-tool. This tool is used for installing the Let's Encrypt certificate. Blueprints such as cPanel and Plesk also have their own tools for this purpose. These instances don't need the Certbot package.

However, installation on other Lightsail instance blueprints, such as Ubuntu, Amazon Linux 2, and so on, require the Certbot package.

For information on installing a Let's Encrypt certificate after installing the Certbot package, see How do I install a standard Let's Encrypt SSL certificate in a Lightsail instance?

Resolution

All Linux distributions except Amazon Linux 2 and FreeBSD can use snapd to install the Certbot tool. If you have any Certbot packages installed using an OS package manager such as apt, dnf, or yum, remove them before installing the Certbot snap. This makes sure that when you run the Certbot command, the snap is used rather than the installation from your OS package manager. The exact command you need to run to do this depends on your OS. The following are common examples of the command that you can use to remove Certbot package:

sudo apt-get remove certbot

sudo dnf remove certbot

sudo yum remove certbot

Run the following commands to install the Certbot tool:

Amazon Linux 2

sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install -y certbot

Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands as well to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.

sudo yum install -y python2-certbot-dns-route53

If you get botocore compatibility errors while running the Certbot command, then reinstall boto-core with pip.

sudo pip uninstall botocore boto3 && sudo pip install boto3

Ubuntu 16.04, 18.04 and 20.04

sudo snap install core;
sudo snap refresh core;
sudo snap install --classic certbot

Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands as well to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

Debian 10.8, 9.13, 8.7

sudo apt install snapd -y
sudo snap install core;
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /sbin/certbot

Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.

sudo snap install --beta --classic certbot
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

CentOS 7.9

sudo yum install epel-release
sudo yum-config-manager --enable cr
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install --classic certbot
sudo ln -s /var/lib/snapd/snap/bin/certbot /sbin/certbot

Note: If you're using Method 1 to install a Wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

CentOS 8.2

sudo dnf install epel-release
sudo dnf upgrade
sudo dnf config-manager --enable cr
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install --classic certbot
sudo ln -s /var/lib/snapd/snap/bin/certbot /sbin/certbot

Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

OpenSUSE 15.2

sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.2 snappy
sudo zypper --gpg-auto-import-keys refresh
sudo zypper dup --from snappy
sudo zypper install snapd
sudo systemctl enable --now snapd
sudo zypper in -t pattern apparmor
sudo snap install core;
sudo snap refresh core;
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

FreeBSD 12.2

su
pkg install py38-certbot

Note: If you're using Method 1 to install a wildcard Let's Encrypt SSL certificate, then run the following commands to install the DNS plugin. In the following command, replace route53 with your domain's DNS provider. To review the list of supported DNS providers, see DNS Plugins.

pkg install py38-certbot-dns-route53

---