One domain's certificate expired. When I looked at Let's Encrypt log, I found that it has not run since last year! So, I tried to manually renew using:
but then got the following error:
It seems a common error, but all the solutions I found online didn't work. I tried to upgrade the 'pyOpenSSL' module using:
but got the following error message:
Any idea how to resume Let's Encrypt renew bot?
Thank you
sudo certbot renewbut then got the following error:
Traceback (most recent call last):
File "/bin/certbot", line 9, in <module>
load_entry_point('certbot==1.3.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 489, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2852, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2443, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2449, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 2, in <module>
from certbot._internal import main as internal_main
File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 23, in <module>
from certbot._internal import client
File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 13, in <module>
from acme import client as acme_client
File "/usr/lib/python2.7/site-packages/acme/client.py", line 37, in <module>
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 118, in inject_into_urllib3
_validate_dependencies_met()
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 160, in _validate_dependencies_met
"'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
It seems a common error, but all the solutions I found online didn't work. I tried to upgrade the 'pyOpenSSL' module using:
`sudo pip install --upgrade pyopensslbut got the following error message:
ERROR: Cannot uninstall 'pyOpenSSL'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
Any idea how to resume Let's Encrypt renew bot?
Thank you
Share this post:
Accepted Answer
Ok, I got rid of all pip and rpm packages related to certbot and started fresh. The aim is to have working certbot and Let's Encrypt app.
1. Manually installing an updated version of pyOpenSSL and its dependencies, because the one in the yum repo is outdated.
2. Installed certbot and the dashboard app:
1. Manually installing an updated version of pyOpenSSL and its dependencies, because the one in the yum repo is outdated.
$ sudo yum install python2-cffi-1.11.2-1.el7.x86_64.rpm
$ sudo yum update python2-ipaddress-1.0.19-9.2.noarch.rpm
$ sudo yum update python2-cryptography-2.5-1.el7.x86_64.rpm
$ sudo yum install python2-pyOpenSSL-19.0.0-1.el7.noarch.rpm2. Installed certbot and the dashboard app:
$ sudo yum install app-lets-encrypt
$ sudo yum install certbot-apacheResponses (7)
-
Accepted Answer
But bearing in mind I have said the a fresh installation of ClearOS and Let's Encrypt worked fine yesterday with a customer, I assume you don't need a more up to date version of python2-pyOpenSSL as I don't have it and it does not exist in the repos. My suspicion is that you have four third-party repos enabled and these could have updated ClearOS packages giving yourself a dependency mess. I am especially looking at rpmfusion. -
Accepted Answer
Nick Howitt wrote:
AFAIK the ClearOS repo packages are fine. python2-cffi python2-ipaddress and python2-pyOpenSSL are not needed and python2-cryptography-1.7.2-2.el7 is fine. I have a feeling you have repo problems.
python2-cffi and python2-ipaddress are required for the newer version of python2-pyOpenSSL. python2-pyOpenSSL is a request for app-lets-encrypt.
$ sudo yum install app-lets-encrypt
Installing:
app-lets-encrypt noarch 1:1.10.7-1.v7 clearos-contribs 9.7 k
Installing for dependencies:
app-lets-encrypt-core noarch 1:1.10.7-1.v7 clearos-contribs 13 k
certbot noarch 1.3.0-1.el7 clearos-epel 42 k
pyOpenSSL x86_64 0.13.1-4.el7 clearos-centos 135 k
python-ndg_httpsclient noarch 0.3.2-1.el7 clearos-epel 43 k
python2-acme noarch 1.3.0-1.el7 clearos-epel 75 k
python2-certbot noarch 1.3.0-1.el7 clearos-epel 365 k
python2-josepy noarch 1.3.0-2.el7 clearos-epel 89 k
Nick Howitt wrote:What do you get from "yum repolist".
Here is the output:
repo id repo name status
!akopytov_sysbench/x86_64 akopytov_sysbench 28
!akopytov_sysbench-source akopytov_sysbench-source 0
!clearos/7 ClearOS 7 - x86_64 - OS 663
!clearos-centos/x86_64 CentOS-7 - x86_64 - Base 10,042+55
!clearos-centos-sclo-rh/x86_64 CentOS-7 - x86_64 - CentOS Software 8,968
!clearos-centos-updates/x86_64 CentOS-7 - x86_64 - Updates 1,459+2
!clearos-contribs/7 ClearOS 7 - x86_64 - Contribs 125
!clearos-contribs-paid ClearOS 7 - x86_64 - Contribs Paid 99
!clearos-contribs-testing/7 ClearOS 7 - x86_64 - Contribs (Testi 169
!clearos-epel/7/x86_64 EPEL 7 - x86_64 21,741+2
!clearos-fast-updates/x86_64 ClearOS 7 - x86_64 - Fast Updates 3
!clearos-infra/7 ClearOS 7 - x86_64 - Infrastructure 16
!clearos-paid ClearOS 7 - x86_64 - Paid 213
!clearos-updates/7 ClearOS 7 - x86_64 - Updates 417
!docker-ce-stable/x86_64 Docker CE Stable - x86_64 70
!private-clearcenter-dnsthingy DNSthingy 6
!private-clearcenter-plex ClearCenter Plex Media Server 0
!rpmfusion-free-updates/x86_64 RPM Fusion for EL 7 - Free - Updates 248
!rpmfusion-nonfree-updates/x86_64 RPM Fusion for EL 7 - Nonfree - Upda 81
repolist: 44,348 -
Accepted Answer
AFAIK the ClearOS repo packages are fine. python2-cffi python2-ipaddress and python2-pyOpenSSL are not needed and python2-cryptography-1.7.2-2.el7 is fine. I have a feeling you have repo problems.
What do you get from "yum repolist".
[edit]
I did a fresh install of Let's Encrypt for a customer today from the marketplace and it worked fine. He created his certificate without problem.
[/edit] -
Accepted Answer
You are right Nick. I installed the Let’s Encrypt app after renewing the domain’s certificate. That was a mistake, because it installed old versions of the python modules (using yum) and certbot is broken again!
At least my website is working now with a renewed certificate. I’ll try to fix the issue later on and update this thread. I’ll use a simple crontab to renew certificates instead of relying on the Let’s Encrypt app. -
Accepted Answer
You are on your own then. ClearOS will still try to install and update things like python-certbot and I've now idea what conflicts are going to happen. It would have been better to sort out the underlying issue, especially if it was working for you for other certificates. What versions of python2-certbot, python2-certbot-abache and certbot did you have installed? -
Accepted Answer
-
Accepted Answer
If at all possibly, avoid trying to install python packages with pip. Look for the yum equivalent. Otherwise you can have two package managers fighting each other. The message is off as the version of pyOpenSSL installed is pyOpenSSL-0.13.1-4.el7.x86_64. I have had no problems with that and my last certificate renewed on 17th March. What version do you have ("rpm -q pyOpenSSL").
If it is only one certificate of a number which is failing, it suggests a certificate configuration problem rather than a programming problem. Have a look in /etc/letsencrypt/renewal and see if there is any obvious configuration difference. Also, you could try deleting the certificate and recreating it.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »