Certbot-auto fails on debian wheezy, hangs on "Installing Python packages..."

My domain is:
https://beta.qbasepublishing.com/

I ran this command:
./certbot-auto

It produced this output:
Bootstrapping dependencies for Debian-based OSes… (you can skip this with --no-bootstrap)
Hit http://ftp.no.debian.org wheezy Release.gpg
Hit http://ftp.no.debian.org wheezy Release
Get:1 http://security.debian.org wheezy/updates Release.gpg [1601 B]
Hit http://ftp.no.debian.org wheezy/main Sources
Get:2 http://security.debian.org wheezy/updates Release [52.3 kB]
Hit http://http.debian.net wheezy-backports/main Translation-en/DiffIndex
Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://security.debian.org wheezy/updates/non-free Translation-en
Fetched 53.9 kB in 1s (36.4 kB/s)
Reading package lists… Done
Reading package lists… Done
Building dependency tree
Reading state information… Done
gcc is already the newest version.
python is already the newest version.
python-dev is already the newest version.
python-virtualenv is already the newest version.
ca-certificates is already the newest version.
libffi-dev is already the newest version.
libssl-dev is already the newest version.
openssl is already the newest version.
augeas-lenses is already the newest version.
libaugeas0 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Creating virtual environment…
Installing Python packages…
^CTraceback (most recent call last):
File “/tmp/tmp.aZst3nat2V/pipstrap.py”, line 184, in
exit(main())
File “/tmp/tmp.aZst3nat2V/pipstrap.py”, line 165, in main
for path, digest in PACKAGES]
File “/tmp/tmp.aZst3nat2V/pipstrap.py”, line 120, in hashed_download
response = opener(using_https=parsed_url.scheme == ‘https’).open(url)
File “/usr/lib/python2.7/urllib2.py”, line 401, in open
response = self._open(req, data)
File “/usr/lib/python2.7/urllib2.py”, line 419, in _open
‘_open’, req)
File “/usr/lib/python2.7/urllib2.py”, line 379, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/urllib2.py”, line 1219, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File “/usr/lib/python2.7/urllib2.py”, line 1178, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File “/usr/lib/python2.7/httplib.py”, line 1000, in request
self._send_request(method, url, body, headers)
File “/usr/lib/python2.7/httplib.py”, line 1034, in _send_request
self.endheaders(body)
File “/usr/lib/python2.7/httplib.py”, line 996, in endheaders
self._send_output(message_body)
File “/usr/lib/python2.7/httplib.py”, line 847, in _send_output
self.send(msg)
File “/usr/lib/python2.7/httplib.py”, line 809, in send
self.connect()
File “/usr/lib/python2.7/httplib.py”, line 1204, in connect
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File “/usr/lib/python2.7/ssl.py”, line 381, in wrap_socket
ciphers=ciphers)
File “/usr/lib/python2.7/ssl.py”, line 143, in init
self.do_handshake()
File “/usr/lib/python2.7/ssl.py”, line 305, in do_handshake
self._sslobj.do_handshake()
KeyboardInterrupt

My web server is (include version):
Server version: Apache/2.2.22 (Debian)
Server built: Sep 21 2017 20:51:54

The operating system my web server runs on is (include version):
Debian GNU/Linux 7 (wheezy)

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

Other info
Python 2.7.3
pip 10.0.1 from /usr/local/lib/python2.7/dist-packages/pip (python 2.7) (installed after problems started, no difference - other VPS certbot work without command line pip)

Summary of problem: Has been working on my VPS at least one year, now certbot-auto never finishes. “Installing Python packages…” hangs and when interrupted with Ctrl-C displays the above output. I’ve been googling several solutions, all attempts so far are unsuccessfull: --no-self-upgrade (ignored), --no-bootstrap, installing pip, modifying python timeout (dared not mess with/remove/reinstall python), reinstalling certbot, manually removing opt/eff.org. No success, always stuck at the same place. No firewall issue. I have a feeling python is stuck in some incompatible/broken version and is unable to update itself due to some kind of certificate/https problem.

Current certificates are working until July but need to get this issue resolved or find other certificate solution. Suggestions/thoughts appreciated!

Hi @debianuser,

I don't know how to fix your issue but you are asking for suggestions....

1.- Maybe it is time to upgrade your Debian Wheezy, official support ended 2 years ago and LTS support will end this month.

2.- Use another acme client which doesn't need so many dependencies like acme.sh

Note: you said you removed /opt/eff.org but just in case, did you remove ~/.local/share/letsencrypt ?

Good luck,
sahsanu

Thank a lot for this advice. I’ve given up on Certbot and went down the path with Acmetool. It buys be some time before upgrading Debian…

For other users ending up in a similar predicament, I found this post helpful:

The problem has nothing to do with Debian Wheezy. I’m running Debian Jessie (Debian 8.10) and I get the same result. Before running certbot-auto I did apt-get update and apt-get upgrade to make sure my Jessie installation is up-to-date.
When I (as root) type: certbot-auto
the messages are slightly different from debianuser’s reflecting the fact that I’m using jessie not wheezy, but it hangs in exactly the same way, after “Installing Python packages…”, and when I kill it with ctrl-C the traceback starts with exactly the same lines in the same modules.
Installing Python packages…
^CTraceback (most recent call last):
File “/tmp/tmp.YumJ6Yaqo1/pipstrap.py”, line 184, in
exit(main())
File “/tmp/tmp.YumJ6Yaqo1/pipstrap.py”, line 165, in main
for path, digest in PACKAGES]
File “/tmp/tmp.YumJ6Yaqo1/pipstrap.py”, line 120, in hashed_download
response = opener(using_https=parsed_url.scheme == ‘https’).open(url)
File “/usr/lib/python2.7/urllib2.py”, line 437, in open
response = meth(req, response)
File “/usr/lib/python2.7/urllib2.py”, line 550, in http_response
‘http’, request, response, code, msg, hdrs)
File “/usr/lib/python2.7/urllib2.py”, line 469, in error
result = self._call_chain(*args)
File “/usr/lib/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/urllib2.py”, line 656, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File “/usr/lib/python2.7/urllib2.py”, line 431, in open
response = self._open(req, data)
File “/usr/lib/python2.7/urllib2.py”, line 449, in _open
‘_open’, req)
File “/usr/lib/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/urllib2.py”, line 1240, in https_open
context=self._context)
File “/usr/lib/python2.7/urllib2.py”, line 1194, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File “/usr/lib/python2.7/httplib.py”, line 1039, in request
self._send_request(method, url, body, headers)
File “/usr/lib/python2.7/httplib.py”, line 1073, in _send_request
self.endheaders(body)
File “/usr/lib/python2.7/httplib.py”, line 1035, in endheaders
self._send_output(message_body)
File “/usr/lib/python2.7/httplib.py”, line 879, in _send_output
self.send(msg)
File “/usr/lib/python2.7/httplib.py”, line 841, in send
self.connect()
File “/usr/lib/python2.7/httplib.py”, line 1242, in connect
HTTPConnection.connect(self)
File “/usr/lib/python2.7/httplib.py”, line 822, in connect
self.timeout, self.source_address)
File “/usr/lib/python2.7/socket.py”, line 562, in create_connection
sock.connect(sa)
File “/usr/lib/python2.7/socket.py”, line 224, in meth
return getattr(self._sock,name)(*args)
KeyboardInterrupt

Failure in precisely the same way on different Debian versions suggests that some recent change to certbot-auto has introduced a bug.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.