Skip to content

Updating the RMM

Keeping your Linux server up to date

Updating to the latest RMM version

Keeping your Let's Encrypt certificate up to date

Video Walkthru

Keeping your Linux server up to date

You should periodically run sudo apt update and sudo apt -y upgrade to keep your server up to date.

Other than this, you should avoid making any changes to your server and let the script handle everything else for you.


Do NOT attempt in-place OS upgrades, such as trying to in-place upgrade from Debian 11 to 12. You will break your server!

Instead, you must backup and restore to the new OS.

Backup/restore functionality supports transition not only between different operating systems but also between architectures! For instance, you can back up an Ubuntu 20.04 system on an x86 architecture and restore it to an Oracle Cloud Free Tier ARM architecture running Debian 12.

Updating to the latest RMM version


Do not attempt to manually edit the update script or any configuration files unless specifically told to by one of the developers.

Since this software is completely self hosted and we have no access to your server, we have to assume you have not made any config changes to any of the files or services on your server, and the update script will assume this.

You should also never attempt to automate running the update script via cron.

The update script will update itself if needed to the latest version when you run it, and then prompt you to run it again.

Sometimes, manual intervention will be required during an update in the form of yes/no prompts, so attempting to automate this will ignore these prompts and cause your installation to break.

SSH into your server as the user you created during install (eg tactical).


Never run any update scripts or commands as the root user.

This will mess up permissions and break your installation.


You have a backup, right?

You've reviewed all release notes between your current version and the latest version, right?

Download the update script and run it:

wget -N
chmod +x

If you are already on the latest version, the update script will notify you of this and return immediately.

You can pass the optional --force flag to the update script to forcefully run through an update, which will bypass the check for latest version.

./ --force

This is useful for a botched update that might have not completed fully.

The update script will also fix any permissions that might have gotten messed up during a botched update, or if you accidentally ran the update script as the root user.


Do not attempt to manually update MeshCentral to a newer version.

You should let the script handle this for you.

The developers will test MeshCentral and make sure integration does not break before bumping the mesh version.

Keeping your Let's Encrypt SSL certificate up to date


Currently, the update script does not automatically renew your Let's Encrypt wildcard certificate, which expires every 3 months, since this is non-trivial to automate using the DNS TXT record method.

Update SSL: To renew and update your Let's Encrypt wildcard cert SSL certs, run the following command, replacing with your domain and with your email:

sudo certbot certonly --manual -d * --agree-tos --no-bootstrap --preferred-challenges dns -m --no-eff-email

Same instructions as during install for verifying the TXT record has propagated before hitting Enter.

You're not done yet keep reading!

After this you have renewed the cert, but it's still not being used everywhere in Tactical. Now run the script, passing it the --force flag.

./ --force

Video Walkthru