Certbot-auto failing to run venv and/or pip as command

My domain is: aeolian.org.uk

I ran this command: (from root crontab and also manually as root) /usr/sbin/apachectl stop && /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade --renew-hook “echo RENEWED $RENEWED_DOMAINS”; /usr/sbin/apachectl start

It produced this output: see below

My web server is (include version): Apache2 2.4.10

The operating system my web server runs on is (include version): Debian 8 (jessie)

My hosting provider, if applicable, is: Bytemark VM

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): tried various, see below

It first broke because I was running debian wheezy which was EOL. The fix that someone proposed didn’t work for me, and next the wheezy repositories were archived and that gave extra errors.

I’ve now upgraded to Jessie, apparently (fairly) cleanly. It’s not the latest Debian but it’s not EOL and certbot-auto should work with it.

I’ve tried running (as root) the latest certbot-auto version, and an old one (0.30). These give different errors

with version 30 and --no_self_upgrade
Traceback (most recent call last):
File “/tmp/tmp.wKemZgHq7z/pipstrap.py”, line 157, in
exit(main())
File “/tmp/tmp.wKemZgHq7z/pipstrap.py”, line 146, in main
shell=True)
File “/usr/local/lib/python2.7/subprocess.py”, line 574, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command ‘pip install --no-index --no-deps -U /tmp/pipstrap-fK6Cf4/pip-9.0.1.tar.gz /tmp/pipstrap-fK6Cf4/setuptools-40.6.3.zip /tmp/pipstrap-fK6Cf4/wheel-0.29.0.tar.gz’ returned non-zero exit status 1

with latest version. Also with --no_self_upgrade as I wanted to know what version I’m running.
Traceback (most recent call last):
File “/tmp/tmp.g7hN4geKVP/pipstrap.py”, line 177, in
sys.exit(main())
File “/tmp/tmp.g7hN4geKVP/pipstrap.py”, line 164, in main
check_output(command)
File “/usr/local/lib/python2.7/subprocess.py”, line 574, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command ‘[’/opt/eff.org/certbot/venv/bin/python’, ‘-m’, ‘pip’, ‘install’, ‘–no-index’, ‘–no-deps’, ‘-U’, ‘/tmp/pipstrap-PzAYLj/pip-9.0.1.tar.gz’, ‘/tmp/pipstrap-PzAYLj/setuptools-40.6.3.zip’, ‘/tmp/pipstrap-PzAYLj/wheel-0.29.0.tar.gz’]’ returned non-zero exit status 1

Set USE_PYTHON_3=1 with latest ver, error changes to
Traceback (most recent call last):
File “”, line 27, in
File “”, line 23, in create_venv
File “/usr/lib/python3.4/subprocess.py”, line 561, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command ‘[’/usr/bin/python3’, ‘-m’, ‘venv’, ‘/opt/eff.org/certbot/venv’]’ returned non-zero exit status 1

These errors seem similar to the one in this post Unable to renew/install upgrade to certbot

and similarly USE_PYTHON_3=1 with ver 0.30 doesn’t fix things.

–no_bootstrap has no effect.

Python is version 2.7.12 and python 3 is 3.4.2
pip was originally not available as a command but pip3 was. I’ve just forced a reload of pip which is now available as a command.
virtualenv was not available as a command in wheezy and that gave a different error, but is now installed in Jessie.

–verbose doesn’t give any more details of the error.

I moved from a single domain to a wildcard cert for two domains recently, but unless I’m much mistaken the renew errors started a bit after that change.

Does it affect this error if apache2 isn’t stopped? I have a temporary issue over stopping and starting Apache but these errors seems to predate it.

I’m a beginner with Python and SSL and am blundering around trying everything I can, but will try suggestions and report back with output.

If I can’t get certbot-auto to work in the next few days, can someone tell me if I can/how to renew with certbot safely with my existing config?

Thanks in advance

Nope … my issue was DNS resolution. My servers resolver wasn’t resolving.

You can do it manually with https://gethttpsforfree.com

Thanks alento. I only meant that it returned the same error status at the same line. Seth’s reply to your original post suggested running it as an unprivileged user which I’ve now tried. Same result!

OK, got there.

What worked:
Ran certbot-auto version 30 with following changes
Set USE_PYTHON_3=1
Replaced ‘pip’ in code with ‘pip3’
and first ran sudo apt install python3.4-venv

I was confused by the fact that python2.7 had venv (but had problems with pip install). Python3 was simply missing venv.

I’m puzzled that certbot-auto with its 1800-odd lines of code didn’t do an effective requirements check. I’m probably being grossly unfair, but from my POV all those lines of code were just more places to fail with a cryptic error.