Amazon Linux - failing renew

My domain is: go.podnews.net

I ran this command: sudo /usr/local/bin/certbot-auto --apache

It produced this output:

FATAL: Amazon Linux support is very experimental at present...
if you would like to work on improving it, please ensure you have backups
and then run this script again with the --debug flag!
Alternatively, you can install OS dependencies yourself and run this script
again with --no-bootstrap.
[ec2-user@ip-172-26-15-24 ~]$ sudo /usr/local/bin/certbot-auto --apache --debug
Bootstrapping dependencies for Amazon... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: priorities, update-motd, upgrade-helper
1073 packages excluded due to repository priority protections
Package gcc-4.8.5-1.22.amzn1.noarch already installed and latest version
Package augeas-libs-1.0.0-5.7.amzn1.x86_64 already installed and latest version
Package 1:openssl-1.0.2k-16.151.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-16.151.amzn1.x86_64 already installed and latest version
Package libffi-devel-3.0.13-16.5.amzn1.x86_64 already installed and latest version
Package system-rpm-config-9.0.3-42.28.amzn1.noarch already installed and latest version
Package ca-certificates-2018.2.22-65.1.21.amzn1.noarch already installed and latest version
Package python27-devel-2.7.16-1.131.amzn1.x86_64 already installed and latest version
Package python27-virtualenv-15.1.0-1.14.amzn1.noarch already installed and latest version
Package python27-tools-2.7.16-1.131.amzn1.x86_64 already installed and latest version
Package python27-pip-9.0.3-1.27.amzn1.noarch already installed and latest version
Nothing to do
Creating virtual environment...
Traceback (most recent call last):
  File "<stdin>", line 27, in <module>
  File "<stdin>", line 19, in create_venv
  File "/usr/lib64/python2.7/subprocess.py", line 185, in check_call
    retcode = call(*popenargs, **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 172, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib64/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

My web server is (include version):
Apache/2.4.41 (Amazon)

The operating system my web server runs on is (include version):
Amazon Linux (1)

My hosting provider, if applicable, is:
Amazon

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

[ec2-user@ip-172-26-15-24 ~]$ certbot-auto --version
Requesting to rerun /usr/local/bin/certbot-auto with root privileges...
FATAL: Amazon Linux support is very experimental at present...
if you would like to work on improving it, please ensure you have backups
and then run this script again with the --debug flag!
Alternatively, you can install OS dependencies yourself and run this script
again with --no-bootstrap.
[ec2-user@ip-172-26-15-24 ~]$ certbot-auto --version --debug
Requesting to rerun /usr/local/bin/certbot-auto with root privileges...
Bootstrapping dependencies for Amazon... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main                                                                                                                     | 2.1 kB  00:00:00     
amzn-updates                                                                                                                  | 2.5 kB  00:00:00     
1073 packages excluded due to repository priority protections
Package gcc-4.8.5-1.22.amzn1.noarch already installed and latest version
Package augeas-libs-1.0.0-5.7.amzn1.x86_64 already installed and latest version
Package 1:openssl-1.0.2k-16.151.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-16.151.amzn1.x86_64 already installed and latest version
Package libffi-devel-3.0.13-16.5.amzn1.x86_64 already installed and latest version
Package system-rpm-config-9.0.3-42.28.amzn1.noarch already installed and latest version
Package ca-certificates-2018.2.22-65.1.21.amzn1.noarch already installed and latest version
Package python27-devel-2.7.16-1.131.amzn1.x86_64 already installed and latest version
Package python27-virtualenv-15.1.0-1.14.amzn1.noarch already installed and latest version
Package python27-tools-2.7.16-1.131.amzn1.x86_64 already installed and latest version
Package python27-pip-9.0.3-1.27.amzn1.noarch already installed and latest version
Nothing to do
Creating virtual environment...
Traceback (most recent call last):
  File "<stdin>", line 27, in <module>
  File "<stdin>", line 19, in create_venv
  File "/usr/lib64/python2.7/subprocess.py", line 185, in check_call
    retcode = call(*popenargs, **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 172, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib64/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

Hi @JamesCridland

looks like Certbot doesn't understand your configuration.

See

https://certbot.eff.org/docs/using.html#certbot-command-line-options

There are a lot of path-options you may use:

--apache-server-root APACHE_SERVER_ROOT
    Apache server root directory (default: /etc/apache2)
--apache-vhost-root APACHE_VHOST_ROOT
    Apache server VirtualHost configuration root (default:
    None)
--apache-logs-root APACHE_LOGS_ROOT
    Apache server logs directory (default:
    /var/log/apache2)
--apache-challenge-location APACHE_CHALLENGE_LOCATION
    Directory path for challenge configuration (default:
    /etc/apache2)
--apache-handle-modules APACHE_HANDLE_MODULES
    Let installer handle enabling required modules for you
    (Only Ubuntu/Debian currently) (default: False)
--apache-handle-sites APACHE_HANDLE_SITES
    Let installer handle enabling sites for you (Only
    Ubuntu/Debian currently) (default: False)
--apache-ctl APACHE_CTL
    Full path to Apache control script (default:
    apache2ctl)

So Certbot is able to find your required Apache information.

If that doesn't help. Perhaps check other clients like acme.sh. Some of these are "smaller".


I don’t really know what you’re asking me here to do. But there’s nothing out of the ordinary in my installation - in fact, here’s the full installation script for that box:

sudo yum update -y
sudo yum install -y httpd24 mod24_ssl php73 php73-pdo php73-gd php73-mbstring php73-mysqlnd
sudo service httpd start && sudo chkconfig httpd on

I used https://certbot.eff.org/lets-encrypt/centosrhel8-apache to install certbot the first time, and that worked fine. Now, for some reason it’s no longer working - I did see Certbot update itself to a later version, but I can’t even see the version of Certbot any more.


As a PS: I’m at a loss as to what to do next. I know that I have a very short amount of time before this entire server falls off the internet with a failed certificate, and with it, my livelihood. I’d be very grateful for a pointer as to how to get this to work again on Amazon Linux.

My uninterested suggestion is: let Certbot go, it doesn’t work well with Amazon Linux, and use another ACME client (I suggest acme.sh).

That’s a great suggestion. I had no idea what the original response meant by “Perhaps check other clients like acme.sh. Some of these are “smaller”.” - but you’ve given the help I needed to understand what I might need to do. Thank you.
