How do I install the Certbot package in my Lightsail instance for Let's Encrypt certificate installation?

Short description

Lightsail instances with Bitnami stacks, such as WordPress and LAMP, have their own installation tool that's called bncert-tool to install the Let's Encrypt certificate. Blueprints, such as cPanel and Plesk, also have their own installation tools and don't need the Certbot package. However, installation on other Lightsail instance blueprints, such as Ubuntu and Amazon Linux 2, require the Certbot package.

Resolution

All Linux distributions except Amazon Linux 2 and FreeBSD can use snapd to install the Certbot tool. Install the Certbot tool based on your operating system (OS).

Prerequisite

Remove any Certbot packages that used a different OS package manager for installation, such as apt, dnf, or yum. The following are examples of commands that can remove the Certbot package:

sudo apt-get remove certbot
sudo dnf remove certbot
sudo yum remove certbot

Note: You must install the DNS plugin if your domain uses one of DNS providers that's listed in DNS plugins on the Certbot website. 

Amazon Linux 2

To install the Certbot tool on Amazon Linux 2, run the following commands:

sudo yum update
sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install -y certbot

If you use a DNS provider that's listed in the Certbot User Guide, then run the following command to install the DNS plugin:

sudo yum install -y python2-certbot-dns-route53

Note: Replace route53 with your domain DNS provider.

If you get a botocore compatibility error, then run the pip command to reinstall botocore:

sudo pip uninstall botocore boto3 && sudo pip install boto3

Amazon Linux 2023

To install the Certbot tool on Amazon Linux 2023, run the following commands:

sudo yum update
sudo dnf install python3 augeas-libs
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot

Ubuntu 16.04, 18.04, 20.04 and 22.04

To install the Certbot tool on Ubuntu 16.04, 18.04, 20.04 and 22.04, run the following commands:

sudo snap install core;
sudo snap refresh core;
sudo snap install --classic certbot

If you use a DNS provider that's listed in the Certbot User Guide, then run the following command to install the DNS plugin:

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

Note: Replace route53 with your domain DNS provider.

Debian 11, 10.8, 9.13, 8.7

To install the Certbot tool on Debian 11, 10.8, 9.13, 8.7, run the following commands:

sudo apt install snapd -y
sudo snap install core;
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /sbin/certbot

If you use a DNS provider that's listed in the Certbot User Guide, then run the following command to install the DNS plugin:

sudo snap install --beta --classic certbot
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

Note: Replace route53 with your domain DNS provider.

CentOS 7.9

To install the Certbot tool on CentOS 7.9, run the following commands:

sudo yum install epel-release
sudo yum-config-manager --enable cr
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install --classic certbot
sudo ln -s /var/lib/snapd/snap/bin/certbot /sbin/certbot

If you use a DNS provider that's listed in the Certbot User Guide, then run the following command to install the DNS plugin:

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

Note: Replace route53 with your domain DNS provider.

CentOS 8.2, 9

To install the Certbot tool on CentOS 8.2 and 9, run the following commands:

sudo dnf install epel-release
sudo dnf upgrade
sudo dnf config-manager --enable cr
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install --classic certbot
sudo ln -s /var/lib/snapd/snap/bin/certbot /sbin/certbot

If you use a DNS provider that's listed in the Certbot User Guide, then run the following command to install the DNS plugin:

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

Note: Replace route53 with your domain DNS provider.

OpenSUSE 15.4

To install the Certbot tool on OpenSUSE 15.4, run the following commands:

sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.4 snappy
sudo zypper --gpg-auto-import-keys refresh
sudo zypper dup --from snappy
sudo zypper install snapd
sudo systemctl enable --now snapd
sudo zypper in -t pattern apparmor
sudo snap install core;
sudo snap refresh core;
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

If you use a DNS provider that's listed in the Certbot User Guide, then run the following command to install the DNS plugin:

sudo snap set certbot trust-plugin-with-root=ok
sudo snap install --beta certbot-dns-route53
sudo snap connect certbot:plugin certbot-dns-route53

Note: Replace route53 with your domain DNS provider.

FreeBSD 12.4

To install the Certbot tool on FreeBSD 12.4, run the following command:

su
pkg install security/py-certbot

If you use a DNS provider that's listed in the Certbot User Guide, then run the following command to install the DNS plugin:

pkg install py39-certbot-dns-route53

Note: Replace route53 with your domain DNS provider.

Related information

How do I install a standard Let's Encrypt SSL certificate in a Lightsail instance?