i've recently discovered my LE cert hasn't been renewing (expiring later today - i guess that means broken for 3months) so i've taken a look and found that it's upset with my python versions.
$ certbot
Traceback (most recent call last):
File "/usr/bin/certbot", line 5, in
from pkg_resources import load_entry_point
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 3126, in
@_call_aside
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 3110, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 3139, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 583, in _build_master
return cls._build_from_requirements(requires)
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 596, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 789, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (cryptography 1.7.2 (/usr/lib64/python2.7/site-packages), Requirement.parse('cryptography>=1.9'), set(['PyOpenSSL']))
best i can tell is the last line is the important bit - the latest version on centos7 python2-cryptography package is 1.7.2, but the letsencrypt 'certbot' tool needs >=1.9. A quick search online and here isn't being very fruitful with a resolution.
i'm running centos 7.6.1810, elrepo & rpmfusion repos.
short of compiling myself (and no doubt hitting a load of python version headaches), can anyone sugest a solution?
it's certainly worked in the past, as i have a cert already issued. I'm fairly sure i've had 2-3 automatic renewals with a cron certbot job.