Jere's Techblog

Upgrade Debian 12 to 13

I recommend making a backup before an upgrade. This post explains how you can do a fast-forward upgrade. For more information, check out: https://www.debian.org/releases/trixie/release-notes/upgrading.en.html
https://www.debian.org/releases/trixie/release-notes/issues.en.html#ch-information

1. Update Repository Sources
You must point your system to the new Trixie repositories by replacing all instances of bookworm with trixie in your configuration files.

Main sources file:

sudo sed -i 's/bookworm/trixie/g' /etc/apt/sources.list

Additional repository files (if any):

sudo find /etc/apt/sources.list.d -name "*.list" -exec sed -i 's/bookworm/trixie/g' {} +

2. Perform the Upgrade

The upgrade is best performed in two stages to minimize dependency conflicts. 

Step A: Minimal Upgrade
Download the new package lists and perform a safe upgrade that does not remove existing packages.

sudo apt update
sudo apt upgrade --without-new-pkgs -y

Step B: Full Upgrade
Complete the process by allowing apt to install new dependencies and remove obsolete ones.

sudo apt update
sudo apt full-upgrade -y


3. Finalize and Verify
Cleanup: Remove old, unnecessary packages.

sudo apt autoremove && sudo apt clean

Verify Version: Check that your system reports version 13.
cat /etc/debian_version
or
lsb_release -a
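
A check to run between steps 1 and 2, added here as an example (not part of the original post): it lists active APT source lines that still name the old release, including deb822 *.sources files, which the find -name "*.list" command in step 1 does not rewrite. The function names, the sample tree and repo.example.invalid are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Lists active APT source lines
# that still name the old release, in sources.list, *.list and deb822 *.sources.

# stale_sources APT_DIR OLD_CODENAME -> prints "file:line: text"; returns 1 if any.
stale_sources() {
    apt_dir=$1
    old=$2
    stale=0
    for f in "$apt_dir/sources.list" \
             "$apt_dir"/sources.list.d/*.list \
             "$apt_dir"/sources.list.d/*.sources; do
        [ -f "$f" ] || continue          # unmatched globs stay literal; skip them
        awk -v old="$old" '
            /^[ \t]*#/ { next }          # commented-out entries are inactive
            # match bookworm, bookworm-security, bookworm-updates, .../bookworm/
            $0 ~ ("(^|[ \t/:])" old "([-/ \t]|$)") {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                hit = 1
            }
            END { exit (hit ? 1 : 0) }' "$f" || stale=1
    done
    return "$stale"
}

# Constructed sample tree: applies the two commands from step 1 to a temp
# copy and reports which entries they leave on the old release.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/sources.list.d"
    printf 'deb http://deb.debian.org/debian bookworm main\n' > "$d/sources.list"
    printf 'deb https://repo.example.invalid/apt bookworm stable\n' \
        > "$d/sources.list.d/vendor.list"
    printf 'Types: deb\nURIs: http://deb.debian.org/debian\nSuites: bookworm bookworm-updates\nComponents: main\n' \
        > "$d/sources.list.d/debian.sources"
    sed -i 's/bookworm/trixie/g' "$d/sources.list"
    find "$d/sources.list.d" -name "*.list" -exec sed -i 's/bookworm/trixie/g' {} +
    rc=0
    stale_sources "$d" bookworm || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real system the call is stale_sources /etc/apt bookworm; any line it prints is a source that apt update would still fetch from the old release.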

Linux Change TLS-SNI-01 because TLS-SNI-01 validation is reaching end-of-life

Two days ago I received the mail below.
TLS-SNI-01 will no longer be supported in the future. With this guide I’ll show you how to update the Let’s Encrypt certificate to the new standards. My concrete example is a Debian 9.7 (Stretch) system with Nextcloud (Apache web server) and certbot.

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue
a certificate in the past 60 days. Below is a list of names and IP
addresses validated (max of one per account):

************

TLS-SNI-01 validation is reaching end-of-life. It will stop working
temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days
after their issuance date.

You need to update your ACME client to use an alternative validation
method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
certificate renewals will break and existing certificates will start to
expire.

First of all, ensure you have certbot version 0.28.0 or newer installed. Run these commands as the root/admin user.

certbot --version || /path/to/certbot-auto --version

If the version is older, use the following link to update Certbot.

https://certbot.eff.org/

Use only the install section of the instructions to update the certbot application. With my Debian example it is the following command:

apt-get install certbot python-certbot-apache -t stretch-backports

Now you have to remove the references to tls-sni-01 in your renewal configuration:

sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

To finish, carry out a dry-run renewal with certbot.

certbot renew --dry-run

Detailed information about the Let’s Encrypt update with Certbot: https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

General information about the TLS-SNI-01 end-of-life: https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
