Can not open /var/lib/snapd/seccomp/profiles//snap.certbot.certbot (No such file or directory) aborting: No such file or directory

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.fangmuseum.com

I ran this command: certbot --nginx

It produced this output:
Can not open /var/lib/snapd/seccomp/profiles//snap.certbot.certbot (No such file or directory)
aborting: No such file or directory

My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version): Debian 9 x86_64

My hosting provider, if applicable, is: IT7 Networks

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): WordPress

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.27.0

1 Like

Hi @83035706yf, and welcome to the LE community forum :slight_smile:

I'm not 100% certain, but my first instinct is for you to remove ALL versions of certbot.
And then reinstall it as recommended at:

1 Like

What distro did you encounter this error on?

3 Likes

Debian 9 x86_64 (Sorry for missing this, I've updated my post.)

Hi and thanks for your suggestions! I've already removed all version of certbot that I previously installed by apt remove certbot

and then removed that I installed in snap by snap remove certbot

And then following this guide to delete certbot-auto Uninstalling certbot-auto. It seems that I never installed any version of certbot-auto.

Unfortunately after these commands and then reinstall certbot, the same problem remains.

Then I checked if there are remaining certbot files by find /* -name '*certbot*' and find /* -name '*letsencrypt*' and was to delete those found files. I deleted all of them except some .mount files. For example, /sys/fs/cgroup/pids/system.slice/snap-certbot-2035.mount. I cannot delete these files as it shows 'operation not permitted'.

I wonder if that matters. But it seems that the same problem remains after I've done the above commands.

It seems like an OS environment issue with snapd that a handful of users have encountered, judging by Search results for '"Can not open /var/lib/snapd/seccomp/profiles/"' - snapcraft.io. Unfortunately there's not much to try there other than "reinstall Linux and cross your fingers". Since you are on Debian, I assume you are using systemd.

If you can't get it working, you can try installing Certbot via the pip instructions, or install the much older version of Certbot from apt (but should work fine).

2 Likes

And of course the source code is located here: GitHub - certbot/certbot: Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

1 Like

Thanks for your suggestions.

I tried the pip instructions, but in the 'install certbot' step, I ran into these error:

Using legacy 'setup.py install' for zope.hookable, since package 'wheel' is not installed.
Using legacy 'setup.py install' for cffi, since package 'wheel' is not installed.
Using legacy 'setup.py install' for configobj, since package 'wheel' is not installed.
Installing collected packages: pycparser, six, cffi, urllib3, idna, cryptography, chardet, certifi, requests, pytz, PyOpenSSL, zope.interface, zope.hookable, zope.event, requests-toolbelt, pyrfc3339, josepy, zope.component, parsedatetime, distro, configobj, ConfigArgParse, acme, pyparsing, certbot, certbot-nginx
    Running setup.py install for cffi ... error
    ERROR: Command errored out with exit status 1:
     command: /opt/certbot/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-c3kzhn9_/cffi_692fca6285f442c3a8908a5da7e6bec0/setup.py'"'"'; __file__='"'"'/tmp/pip-install-c3kzhn9_/cffi_692fca6285f442c3a8908a5da7e6bec0/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-6rru8yco/install-record.txt --single-version-externally-managed --compile --install-headers /opt/certbot/include/site/python3.5/cffi
         cwd: /tmp/pip-install-c3kzhn9_/cffi_692fca6285f442c3a8908a5da7e6bec0/
    Complete output (56 lines):
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    Package libffi was not found in the pkg-config search path.
    Perhaps you should add the directory containing `libffi.pc'
    to the PKG_CONFIG_PATH environment variable
    No package 'libffi' found
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.5
    creating build/lib.linux-x86_64-3.5/cffi
    copying cffi/backend_ctypes.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/ffiplatform.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/api.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/error.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/lock.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/model.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/pkgconfig.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/cffi_opcode.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/cparser.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/vengine_gen.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/recompiler.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/setuptools_ext.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/verifier.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/vengine_cpy.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/__init__.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/commontypes.py -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/_cffi_include.h -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/parse_c_type.h -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/_embedding.h -> build/lib.linux-x86_64-3.5/cffi
    copying cffi/_cffi_errors.h -> build/lib.linux-x86_64-3.5/cffi
    running build_ext
    building '_cffi_backend' extension
    creating build/temp.linux-x86_64-3.5
    creating build/temp.linux-x86_64-3.5/c
    x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fdebug-prefix-map=/build/python3.5-5Cvh2K/python3.5-3.5.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DUSE__THREAD -DHAVE_SYNC_SYNCHRONIZE -I/usr/include/ffi -I/usr/include/libffi -I/opt/certbot/include -I/usr/include/python3.5m -c c/_cffi_backend.c -o build/temp.linux-x86_64-3.5/c/_cffi_backend.o
    c/_cffi_backend.c:2:20: fatal error: Python.h: No such file or directory
     #include <Python.h>
                        ^
    compilation terminated.
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /opt/certbot/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-c3kzhn9_/cffi_692fca6285f442c3a8908a5da7e6bec0/setup.py'"'"'; __file__='"'"'/tmp/pip-install-c3kzhn9_/cffi_692fca6285f442c3a8908a5da7e6bec0/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-6rru8yco/install-record.txt --single-version-externally-managed --compile --install-headers /opt/certbot/include/site/python3.5/cffi Check the logs for full command output.

2 Likes

I think I should upgrade my python

You can use Python 3.5 up to a certain release of Certbot, but give this a shot:

apt install gcc libffi6 libffi-dev python3-dev libpython3-dev
1 Like

What about... using another ACME client?

2 Likes

Thanks, I finally installed certbot via pip and enabled certificate on my website.

However, my website still shows insecure and Why No Padlock? still shows my old expired certificate. What are possible reasons for that and what should I do?

1 Like

Also, I'm sure I've successfully enabled certificate on my website. When I test certbot certificates it outputs

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: fangmuseum.com
    Serial Number: 3629305deae6618418a696c7b65dc5ba4d9
    Key Type: RSA
    Domains: fangmuseum.com www.fangmuseum.com
    Expiry Date: 2022-08-18 02:49:17+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/fangmuseum.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/fangmuseum.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Thanks a lot for your help today!!

1 Like

I see that you have renewed the cert.
But have you restarted the nginx web server?
[so that it can use the latest cert]

2 Likes

There is an expired ZeroSSL certificate currently configured and it does not send a chain.

So there's more to it than just restart nginx :wink:

Also, the HTTP to HTTPS redirect is missing, but I guess that's a good thing at the moment, as HTTPS is malfunctioning :roll_eyes:

4 Likes

How can I remove that expired zerossl certificate completely?

Review your nginx configuration.
It should be pointing to it in there somewhere.
Change those lines to use the most recent cert.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.