On Tue, Nov 29, 2016 at 09:59:06AM +0100, Daniel Pocock wrote:
> This would probably mean making sure the client is checking the network
> API version and giving the user helpful, distro-specific instructions if
> there is a mismatch, e.g. a Debian user would see a message "The Let's
> Encrypt API no longer supports your client version, it is now essential
> for you to install certbot by (running apt-get upgrade | using
> $RELEASE_N-backports)"
>
> To get the message exactly right, it would be useful if the certbot
> utility would actually check the apt catalog for both an SRU and
> backport and tell the user exactly which one is sufficient to get them
> going again.

We actually have some code that generates specific instructions of that
exact sort; it powers the Web application at https://certbot.eff.org/ ;
the source code is here:

https://github.com/certbot/website/tree/master/_scripts/instruction-widget

Unfortunately, it's written in the wrong language (JavaScript rather than
Go) for us to be able to easily have the boulder server return errors
that send these instructions to old copies of Certbot. So what we'd
probably do is tell people, "please install a copy of Certbot greater
than X; you can go to https://certbot.eff.org/ if you need advice on how
to do that on your OS"

--
Peter Eckersley                   p...@eff.org
Chief Computer Scientist          Tel +1 415 436 9333 x131
Electronic Frontier Foundation    Fax +1 415 436 9993