> Ubuntu 16.04, which is an LTS version, has an even older version of the letsencrypt software (before it was called certbot) and Ubunbtu doesn't seem to care.
Ubuntu Server developer involved with Certbot here. We do care.
Updating letsencrypt/certbot in 16.04 is monumentally difficult because, from a Certbot perspective, February 2016 is prehistoric, and users of an Ubuntu stable release expect not to be regressed for all the different use cases they may have, not all of which we even know about. Updating a stable release is difficult for these reasons normally. Now add in the complication of five different interacting source packages, an upstream project rename, and the need to not regress the behaviour of a key library which must be updated but users may be depending on directly, and hopefully you can see the difficulty of this task. We are working on it though, and you can follow progress here: https://launchpad.net/bugs/1640978. I'm still hopeful that this will land in time.
In the meantime, if you can't wait, are using 16.04 and must have it now, then you have a number of options:
1) Use certbot-auto as recommended by upstream.
2) Use 18.04, which isn't affected as it shipped with a new-enough certbot package.
3) Try the (experimental) snap: https://forum.snapcraft.io/t/call-for-testing-certbot-lets-e... (though I don't recommend this for production). Relative to the deb packaging, the snap has been trivial to develop and maintain and the edge channel keeps up with upstream master automatically as long as CI passes (and keeping it passing has been a relative breeze).
Ubuntu Server developer involved with Certbot here. We do care.
Updating letsencrypt/certbot in 16.04 is monumentally difficult because, from a Certbot perspective, February 2016 is prehistoric, and users of an Ubuntu stable release expect not to be regressed for all the different use cases they may have, not all of which we even know about. Updating a stable release is difficult for these reasons normally. Now add in the complication of five different interacting source packages, an upstream project rename, and the need to not regress the behaviour of a key library which must be updated but users may be depending on directly, and hopefully you can see the difficulty of this task. We are working on it though, and you can follow progress here: https://launchpad.net/bugs/1640978. I'm still hopeful that this will land in time.
In the meantime, if you can't wait, are using 16.04 and must have it now, then you have a number of options:
1) Use certbot-auto as recommended by upstream.
2) Use 18.04, which isn't affected as it shipped with a new-enough certbot package.
3) Try the (experimental) snap: https://forum.snapcraft.io/t/call-for-testing-certbot-lets-e... (though I don't recommend this for production). Relative to the deb packaging, the snap has been trivial to develop and maintain and the edge channel keeps up with upstream master automatically as long as CI passes (and keeping it passing has been a relative breeze).