Letsencrypt/certbot on OpenSUSE Leap 15.2 and 15.3

Fruststration and pain

Tried to get letsencrypt/certbot to work on an ancient, oft-updated installation of OpenSUSE Leap 15.2, then upgraded to Leap 15.3., after letsencrypt disabled ACME v1 clients.

Problems begin

There is no official certbot package available for openSUSE Leap 15.3. The inofficial packages would not install on my machine as the old packages with outdated protocols would take precedence.

So I took the Snap path.

However:

There is no official snapd package available for openSUSE Leap 15.3

The inofficial packages would install but would throw errors like

Could not open 'tunables/global'

when I tried to install packages.

The problem was probably that no apparmor package was installed on my ancient OpenSUSE distro. Getting these installed again wasn't easys as

There is no official apparmor package available for openSUSE Leap 15.3

The only way to get apparmor packages installed was with this command:

sudo zypper in -t pattern apparmor

as detailed on https://doc.opensuse.org/documentation/leap/security/html/book-security/cha-apparmor-start.html

Then I could follow the instructions here: https://snapcraft.io/docs/installing-snap-on-opensuse. Restarts may help getting this all to work:

sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.3 snappy

sudo zypper refresh

sudo zypper install snapd

sudo systemctl enable --now snapd

sudo snap install core; sudo snap refresh core

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Now I could finally run the usual

/usr/bin/certbot renew

Ubuntu has all the required packages in the distro, OpenSUSE Leap has none of them. Was about to switch distros. This is really an unfortunate situation that can cause a lot of pain.

Hope it helps.

Posted: 26 July 2021