Cannot renew certificates with certbot-auto


#1

I ran this command: /certbot-auto renew --dry-run

It produced this output:

Err http://ppa.launchpad.net trusty/main amd64 Packages
404 Not Found
Err http://ppa.launchpad.net trusty/main i386 Packages
404 Not Found
W: Failed to fetch http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu/dists/trusty/main/binary-amd64/Packages 404 Not Found

W: Failed to fetch http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu/dists/trusty/main/binary-i386/Packages 404 Not Found

Recommended packages:
libssl-doc
The following packages will be upgraded:
libssl-dev
1 upgraded, 0 newly installed, 0 to remove and 162 not upgraded.
Need to get 1,531 kB of archives.
After this operation, 1,090 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
WARNING: The following packages cannot be authenticated!
libssl-dev
Install these packages without verification? [y/N] y
Err http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu/ trusty/main libssl-dev amd64 1.0.2h-1+deb.sury.org~trusty+1
404 Not Found
E: Failed to fetch http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu/pool/main/o/openssl/libssl-dev_1.0.2h-1+deb.sury.org~trusty+1_amd64.deb 404 Not Found

E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

E: Some index files failed to download. They have been ignored, or old ones used instead.
apt-get update hit problems but continuing anyway…

My operating system is (include version): Linux 3.13.0-57-generic #95-Ubuntu SMP Fri Jun 19 09:28:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

My web server is (include version): Apache/2.4.7 (Ubuntu)

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

apt-get update or apt-get update --fix-missing produces similar output. certbot-auto worked fine before. Why does it refuse to run without updates. How can I possibly reliably crontab this process to renew the certificates if it’s going to require all this crap including that I confirm a bunch of updates just to run? It was working fine a couple of months ago. It also has disturbing warnings about not being able to verify the packages it requires updates for.

My apt-get sources list is the standard digital ocean one. I tried adding the following to the top of the list but it has no effect.

deb mirror://mirrors.ubuntu.com/mirrors.txt precise main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-updates main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-backports main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-security main restricted universe multiverse


#2

did you run it with sudo ???


#3

Of course. Should it not be?


#4

The apt warnings and errors are a separate problem you’ll have to look into and fix. They’re not directly related to certbot and just happen to be triggered when certbot runs apt commands. Without knowing the specifics, it looks like you added a PPA for PHP at some point, and that PPA is now missing (probably because the PHP version is EOL’d).

As for certbot itself, you can avoid updates being installed as part of your cronjob by including --no-self-upgrade. This won’t fix your apt issues, you’ll want to fix those either way, as they’re probably preventing you from installing (security) updates as well.


#5

Thanks for the suggestion. Running with --no-self-upgrade doesn’t help either. It still generates those errors but the command won’t even complete then, it hangs here indefinitely:

Ign http://ppa.launchpad.net trusty/main Translation-en
Err http://ppa.launchpad.net trusty/main amd64 Packages
404 Not Found
Err http://ppa.launchpad.net trusty/main i386 Packages
404 Not Found
100% [Waiting for headers] [Waiting for headers]

I waited about 5 minutes with no result. I tried it twice.


#6

Hm, perhaps --no-self-upgrade is only about certbot itself, not any of its dependencies.

Either way, you’ll have to fix the apt issues. I’d look into upgrading to a more recent PHP PPA. The old one is probably referenced somewhere in /etc/apt/sources.list.d/.


#7

Found this: http://askubuntu.com/questions/628074/ubuntu-apt-get-update-error and tried sudo add-apt-repository --remove ppa:jconti/gnome3 but it doesn’t fix it. It just changes the errors a bit.

I don’t understand why this program can’t run without forcing me to update everything. This program used to run just fine, no changes have been made since. Also why does it try to force me to install things with an unverified warning.


#8

This is an unrelated PPA. You’ve been using ondrej/php5-5.6, which is now EOL’d and has been removed. You can switch to a more recent PPA from that author (which includes a more recent version of PHP that’s not EOL’d), remove the PPA and packages completely and go back to the version of PHP that’s included in your OS (which still receives updates), or find a different way to get PHP 5.6.

Strictly speaking, certbot is not updating any of the packages on your system. It’s running apt-get update, which re-syncs your package index with the sources, and then installs the dependencies it needs. However, since one of the packages it depends on (libssl-dev) used to live in that now-deleted PPA, this triggers a re-installation, which fails because the PPA was deleted.

The change that’s been made since is that a PPA you depend on has been deleted. The mechanism your OS uses to obtain updates or new software is currently broken because of that.

Note that it’s also not forcing you to install any unauthenticated packages, but rather asking you for a yes/no answer. That’s apt's default behaviour, and the fact that you’re getting this warning is once again due to the PPA, and not certbot.


#9

Yes indeed but you did not mention it in post #1 so had to check as that can throw strange errors.

Did you install certbot from an ubuntu repo ie. apt-get install or did you clone it from Github?


#10

I met the same problem, the way to resolve it is

  1. install PPA-Purge

apt-get install -y ppa-purge

  1. remove php 5.6 repository

ppa-purge ppa:ondrej/php5-5.6

  1. update your soft

apt-get updage && apt-get upgrade

relation: http://www.guohuawei.com/archives/ubuntu-remove-ppa-package-repository-ondrejphp5-for-php.html


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.