Brew Pip Installation Error "Operation not Permitted"

TheOnePossum · October 13, 2024, 11:02am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
Symaldra.com (Cloudflare-Proxy is active)

I ran this command:
brew install python
brew unlink python && brew link python
sudo python3 -m venv /opt/certbot/ (1st Command)
sudo /opt/certbot/bin/pip install --upgrade pip (2nd Command)
sudo /opt/certbot/bin/pip install certbot
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Following the Discussion here: Certbot doesn't install plugins via brew
and these Instructions:
Mac pip install guide: how to install pip 2 different ways
Certbot Instructions | Certbot

It produced this output:

Command 2 and 3 produced:
WARNING: The directory '/Users/username/Library/Caches/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you should use sudo's -H flag.
among other things

and down the line Command 4 produced

ln: /usr/bin/certbot: Operation not permitted

My web server is (include version):
Apache HTTPD 2.4.62 (Unix)

The operating system my web server runs on is (include version):
MacOS Sonoma 14.6.1

My hosting provider, if applicable, is:
Not Applicable

I can login to a root shell on my machine (yes or no, or I don't know):
I believe so ?

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
zsh: command not found: certbot

jvanasco · October 13, 2024, 4:23pm

Download and install the Python from Python.org

The brew managed stuff is a nightmare and over complicates things.

The Python core team has a nice gui package installer, which is updated as part of their release process, and safely sideloads next to the original system Python.

TheOnePossum · October 13, 2024, 4:38pm

Will try. Tho brew worked very well for all other things I use (apache, php, mysql, progresql).

TheOnePossum · October 13, 2024, 5:10pm

i've reseted the server to a Time-Machine Backup from before the previous attempt to ensure that no left-overs from said attempt are on the server and then followed the instruction. However, I am still running into the same issue even without brew.

TheOnePossum · October 13, 2024, 5:57pm

I realised that I accidentally left out some of the errors. When typing

sudo /opt/certbot/bin/pip install --upgrade pip

it says

Requirement already satisfied: pip in /opt/certbot/lib/python3.13/site-packages (24.2)

TheOnePossum · October 13, 2024, 6:10pm

For anyone having the same issue this is what worked for me:
https://discussions.apple.com/thread/250478382?sortBy=rank

instead of writing

sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

as per instructions step 7

you need to run

sudo ln -s /opt/certbot/bin/certbot /usr/local/bin/certbot

Osiris · October 13, 2024, 11:32pm

But the first error you've shown was for the commands earlier than that simple ln -s command, so I fail to see the connection.

The error message shown are actually more a pip issue it seems than a Certbot option and the error itself suggests it has something to do with the usage of sudo and the lack of the usage of the -H option, "among others".

Also, Certbot usually needs to run as root anyway, so /usr/bin/certbot should work just fine. I don't see why using /usr/local/bin suddenly makes such a difference.

TheOnePossum · October 14, 2024, 3:52am

Frankly: I have no damn clue what I am doing, I am just following Internet tutorials.

When it comes to the lack of the -H option: I followed the Certbot instructions. I don't know what -H is for. And I ... somehow didn't saw it mentioned in the warning message. Whoops.

When it comes to the directories ... it fixed the error of "not-permitted" and According to the linked article, it's because of MacOS and its security features.
And well it works so... why doubt it ?

orangepizza · October 14, 2024, 5:20am

It's apple rootless guarding that path.

Here's what it restricts, even from root:

You can't modify anything in /System, /bin, /sbin, or /usr (except /usr/local); or any of the built-in apps and utilities. Only Installer and software update can modify these areas, and even they only do it when installing Apple-signed packages.

Osiris · October 14, 2024, 12:09pm

Ah, Apple. Right.

system · November 13, 2024, 12:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot doesn't install plugins via brew Help	6	140	November 7, 2024
Certbot apache plugin on macos Help	3	1503	February 9, 2022
CertBot produces a blank privatekey.pem Help	7	2620	November 23, 2019
Certbot installation with Homebrew 2021 Help	5	2061	January 21, 2022
MacPorts Installed Certbot Creating Errors on OSX Help	2	1142	October 22, 2017

Brew Pip Installation Error "Operation not Permitted"

Related topics