In December 2020 and release 1.10.0, Let’s Encrypt had deprecated certbot-auto on Debian based systems including Ubuntu. In their release 1.11.0, they also deprecate the script on every OS.

It is only certbot-auto that they deprecated. Our other distribution methods or Certbot more generally was not deprecated on Debian.

The behavior you can expect from certbot-auto on a deprecated OS is that if you had run the script before and had an existing Certbot installation from it, that installation will continue to work, however, you will no longer receive updates and a message will be printed every time the script is run explaining this. If you do not have an existing certbot-auto installation, the script will refuse to install Certbot and say that you need to use a different installation method.


Your system is not supported by certbot-auto anymore.

Certbot-auto deprecated: Explanation and Solutions!

How do I install Certbot now?

The way we recommend most users install Certbot is through snaps. You can find instructions for doing this at

On Ubuntu 16.04

$ sudo snap install core; sudo snap refresh core

Remove any Certbot OS packages

If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.

$ apt-get remove certbot
$ apt autoremove

Install Cerbot

$ sudo snap install --classic certbot

Prepare the Certbot command

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Choose how you’d like to run Certbot. Either get and install your certificates…

Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.

$ sudo certbot --apache

For multiple subject alternative name (SAN) included in the certificate you can use the following command.

$ sudo certbot -d domain1.tld -d sub.domain.tld -d domain2.tld -d domain3.tld --apache

Or, just get a certificate

If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.

$ sudo certbot certonly --apache

Test automatic renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

systemctl list-timers

# Pass –all to see loaded but inactive timers, too.
systemctl list-timers –all

Uninstalling a package like certbot from snapcraft

If you want to uninstall the snap certbot utility you can run the following command

$ sudo snap remove certbot


Let’s Encrypt – Free SSL/TLS Certificates

Certbot-auto deprecated: Explanation and Solutions!

Snap (package manager)

Snapcraft – The app store for Linux

Snapcraft documentation