Certbot-auto stopped working in May

Help
#1

My domain is: MasteringDCP.com

I run this command in crontab, which executes once a month: /opt/letsencrypt/certbot-auto renew

It worked for several months, until it produced this output on May 2, 2019:

Upgrading certbot-auto 0.33.1 to 0.34.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...

It produced this output on June 2, 2019:

Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Hit http://archive.ubuntu.com precise Release.gpg
Hit http://archive.ubuntu.com precise-updates Release.gpg
Hit http://archive.ubuntu.com precise-backports Release.gpg
Hit http://archive.ubuntu.com precise Release
Hit http://archive.ubuntu.com precise-updates Release
Hit http://archive.ubuntu.com precise-backports Release
Hit http://archive.ubuntu.com precise/main Sources
Hit http://archive.ubuntu.com precise/restricted Sources
Hit http://archive.ubuntu.com precise/universe Sources
Hit http://archive.ubuntu.com precise/multiverse Sources
Hit http://archive.ubuntu.com precise/main amd64 Packages
Hit http://archive.ubuntu.com precise/restricted amd64 Packages
Hit http://archive.ubuntu.com precise/universe amd64 Packages
Hit http://archive.ubuntu.com precise/multiverse amd64 Packages
Hit http://archive.ubuntu.com precise/main i386 Packages
Hit http://archive.ubuntu.com precise/restricted i386 Packages
Hit http://archive.ubuntu.com precise/universe i386 Packages
Hit http://archive.ubuntu.com precise/multiverse i386 Packages
Hit http://archive.ubuntu.com precise/main TranslationIndex
Hit http://archive.ubuntu.com precise/multiverse TranslationIndex
Hit http://archive.ubuntu.com precise/restricted TranslationIndex
Hit http://archive.ubuntu.com precise/universe TranslationIndex
Hit http://archive.ubuntu.com precise-updates/main Sources
Hit http://archive.ubuntu.com precise-updates/restricted Sources
Hit http://archive.ubuntu.com precise-updates/universe Sources
Hit http://archive.ubuntu.com precise-updates/multiverse Sources
Hit http://archive.ubuntu.com precise-updates/main amd64 Packages
Hit http://archive.ubuntu.com precise-updates/restricted amd64 Packages
Hit http://archive.ubuntu.com precise-updates/universe amd64 Packages
Hit http://archive.ubuntu.com precise-updates/multiverse amd64 Packages
Hit http://archive.ubuntu.com precise-updates/main i386 Packages
Hit http://archive.ubuntu.com precise-updates/restricted i386 Packages
Hit http://archive.ubuntu.com precise-updates/universe i386 Packages
Hit http://archive.ubuntu.com precise-updates/multiverse i386 Packages
Hit http://archive.ubuntu.com precise-updates/main TranslationIndex
Hit http://archive.ubuntu.com precise-updates/multiverse TranslationIndex
Hit http://archive.ubuntu.com precise-updates/restricted TranslationIndex
Hit http://archive.ubuntu.com precise-updates/universe TranslationIndex
Hit http://archive.ubuntu.com precise-backports/main Sources
Hit http://archive.ubuntu.com precise-backports/restricted Sources
Hit http://archive.ubuntu.com precise-backports/universe Sources
Hit http://archive.ubuntu.com precise-backports/multiverse Sources
Hit http://archive.ubuntu.com precise-backports/main amd64 Packages
Hit http://archive.ubuntu.com precise-backports/restricted amd64 Packages
Hit http://archive.ubuntu.com precise-backports/universe amd64 Packages
Hit http://archive.ubuntu.com precise-backports/multiverse amd64 Packages
Hit http://archive.ubuntu.com precise-backports/main i386 Packages
Hit http://archive.ubuntu.com precise-backports/restricted i386 Packages
Hit http://archive.ubuntu.com precise-backports/universe i386 Packages
Hit http://archive.ubuntu.com precise-backports/multiverse i386 Packages
Hit http://archive.ubuntu.com precise-backports/main TranslationIndex
Hit http://archive.ubuntu.com precise-backports/multiverse TranslationIndex
Hit http://archive.ubuntu.com precise-backports/restricted TranslationIndex
Hit http://archive.ubuntu.com precise-backports/universe TranslationIndex
Hit http://archive.ubuntu.com precise/main Translation-en
Hit http://archive.ubuntu.com precise/multiverse Translation-en
Hit http://archive.ubuntu.com precise/restricted Translation-en
Hit http://archive.ubuntu.com precise/universe Translation-en
Hit http://archive.ubuntu.com precise-updates/main Translation-en
Hit http://archive.ubuntu.com precise-updates/multiverse Translation-en
Hit http://archive.ubuntu.com precise-updates/restricted Translation-en
Hit http://archive.ubuntu.com precise-updates/universe Translation-en
Hit http://archive.ubuntu.com precise-backports/main Translation-en
Hit http://archive.ubuntu.com precise-backports/multiverse Translation-en
Hit http://archive.ubuntu.com precise-backports/restricted Translation-en
Hit http://archive.ubuntu.com precise-backports/universe Translation-en
Hit http://security.ubuntu.com precise-security Release.gpg
Hit http://security.ubuntu.com precise-security Release
Hit http://security.ubuntu.com precise-security/main Sources
Hit http://security.ubuntu.com precise-security/restricted Sources
Hit http://security.ubuntu.com precise-security/universe Sources
Hit http://security.ubuntu.com precise-security/multiverse Sources
Hit http://security.ubuntu.com precise-security/main amd64 Packages
Hit http://security.ubuntu.com precise-security/restricted amd64 Packages
Hit http://security.ubuntu.com precise-security/universe amd64 Packages
Hit http://security.ubuntu.com precise-security/multiverse amd64 Packages
Hit http://security.ubuntu.com precise-security/main i386 Packages
Hit http://security.ubuntu.com precise-security/restricted i386 Packages
Hit http://security.ubuntu.com precise-security/universe i386 Packages
Hit http://security.ubuntu.com precise-security/multiverse i386 Packages
Hit http://security.ubuntu.com precise-security/main TranslationIndex
Hit http://security.ubuntu.com precise-security/multiverse TranslationIndex
Hit http://security.ubuntu.com precise-security/restricted TranslationIndex
Hit http://security.ubuntu.com precise-security/universe TranslationIndex
Hit http://security.ubuntu.com precise-security/main Translation-en
Hit http://security.ubuntu.com precise-security/multiverse Translation-en
Hit http://security.ubuntu.com precise-security/restricted Translation-en
Hit http://security.ubuntu.com precise-security/universe Translation-en
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
augeas-lenses is already the newest version.

I ran this command manually: /opt/letsencrypt/certbot-auto renew

It produced almost the same output as above, except it also had the following (after the last line of above output):

gcc is already the newest version.
libaugeas0 is already the newest version.
libffi-dev is already the newest version.
python-virtualenv is already the newest version.
ca-certificates is already the newest version.
libssl-dev is already the newest version.
openssl is already the newest version.
python is already the newest version.
python-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 49 not upgraded.
Upgrading certbot-auto 0.34.2 to 0.35.1...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
/opt/eff.org/certbot/venv/bin/python: No module named pip.__main__; 'pip' is a package and cannot be directly executed
Traceback (most recent call last):
File "/tmp/tmp.8Txuq3sx46/pipstrap.py", line 177, in <module>
sys.exit(main())
File "/tmp/tmp.8Txuq3sx46/pipstrap.py", line 149, in main
pip_version = StrictVersion(check_output([python, '-m', 'pip', '--version'])
File "/usr/lib/python2.7/subprocess.py", line 544, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['/opt/eff.org/certbot/venv/bin/python', '-m', 'pip', '--version']' returned non-zero exit status 1

I ran this command manually: /opt/letsencrypt/certbot-auto renew -webroot

The output is almost the same the above combined, except for a few minor differences. Let me know if you want me to copy and paste this as well.

My web server is (include version): Apache/2.2.22 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 12.04.4 LTS (GNU/Linux 3.5.0-54-generic x86_64)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

# certbot --version
certbot: command not found
# certbot-auto --version
certbot-auto: command not found
#2

Recent versions of certbot-auto no longer support the very old version of pip packaged by Debian 7 and Ubuntu 12.04.

There are some workarounds:

3 Likes
#3

@mnordhoff

Thanks for directing me to the workarounds.

PIP error with certbot-auto seems to be related to Debian 7. I’m running Ubuntu 12.04. Will those suggestions work with Ubuntu 12.04?

There were several, different suggestions from:

Which suggestion should I try?

(I’m not knowledgeable about pip or python. I’m not that knowledgeable about certbot either. I’m just trying to get SSL certificates for my websites.)

#4

Dear @curt,

Installing certbot on systems running outdated versions of Python should be universal enough to work on any Linux and maybe even others like BSD, macOS and Windows WSL.

While we have only tested it on an outdated Debian system, you should not hesitate to try it on Ubuntu. Likewise, we will be happy to hear from the community about other targets / platforms where this could have been applied successfully.

With kind regards,
Andreas.

1 Like
#5

Dear @amotl ,

Thanks for your help. It seemed to work for the most part. During the process, there were some warnings:

# pyenv install 3.4.2
Downloading Python-3.4.2.tar.xz...
-> https://www.python.org/ftp/python/3.4.2/Python-3.4.2.tar.xz
Installing Python-3.4.2...
patching file ./Lib/ssl.py
patching file ./Modules/_ssl.c
WARNING: The Python bz2 extension was not compiled. Missing the bzip2 lib?
WARNING: The Python sqlite3 extension was not compiled. Missing the SQLite3 lib?
Installed Python-3.4.2 to /root/.pyenv/versions/3.4.2


# pip install certbot requests requests-toolbelt pbr
    ...
    PkgResourcesDeprecationWarning: Parameters to load are deprecated.  Call .resolve and .require separately.
          from distutils.command.build import build
        no previously-included directories found matching 'docs/_build'
        warning: no previously-included files found matching 'vectors'
        warning: no previously-included files matching '*' found under directory 'vectors'
        warning: no previously-included files found matching 'azure-pipelines.yml'
        warning: no previously-included files found matching '.azure-pipelines'
        warning: no previously-included files found matching '.travis.yml'
        warning: no previously-included files found matching '.travis'
        warning: no previously-included files matching '*' found under directory '.azure-pipelines'
        warning: no previously-included files matching '*' found under directory '.travis'
        warning: no previously-included files found matching 'release.py'
        warning: no previously-included files found matching '.coveragerc'
        warning: no previously-included files found matching 'codecov.yml'
        warning: no previously-included files found matching 'dev-requirements.txt'
        warning: no previously-included files found matching 'rtd-requirements.txt'
        warning: no previously-included files found matching 'tox.ini'
  ...
  PkgResourcesDeprecationWarning: Parameters to load are deprecated.  Call .resolve and .require separately.
          #
        warning: no previously-included files matching '*.dll' found anywhere in distribution
        warning: no previously-included files matching '*.pyc' found anywhere in distribution
        warning: no previously-included files matching '*.pyo' found anywhere in distribution
        warning: no previously-included files matching '*.so' found anywhere in distribution
        warning: no previously-included files matching 'coverage.xml' found anywhere in distribution
        warning: no previously-included files matching 'appveyor.yml' found anywhere in distribution
        no previously-included directories found matching 'docs/_build'
    Downloading/unpacking parsedatetime>=1.3 (from certbot)
      ...
        /var/tmp/pip_build_root/parsedatetime/setup.py:12: PkgResourcesDeprecationWarning: Parameters to load are deprecated.  Call .resolve and .require separately.
          def read(filename):
        no previously-included directories found matching '.DS_Store'
    ...
        /var/tmp/pip_build_root/future/setup.py:12: PkgResourcesDeprecationWarning: Parameters to load are deprecated.  Call .resolve and .require separately.
          except ImportError:
        warning: no files found matching '*.au' under directory 'tests'
        warning: no files found matching '*.gif' under directory 'tests'
        warning: no files found matching '*.txt' under directory 'tests'
    Downloading/unpacking zope.event (from zope.component->certbot)
     ...
        /var/tmp/pip_build_root/zope.hookable/setup.py:70: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          [os.path.join('src', 'zope', 'hookable', "_zope_hookable.c")],
        /root/.pyenv/versions/3.4.2/lib/python3.4/distutils/core.py:108: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          _setup_distribution = dist = klass(attrs)
        /var/tmp/pip_build_root/zope.hookable/setup.py:12: PkgResourcesDeprecationWarning: Parameters to load are deprecated.  Call .resolve and .require separately.
          #
        warning: no previously-included files matching '*.pyc' found anywhere in distribution
    ...
        /var/tmp/pip_build_root/pycparser/setup.py:12: PkgResourcesDeprecationWarning: Parameters to load are deprecated.  Call .resolve and .require separately.
          def _run_build_tables(dir):
        warning: no previously-included files found matching 'setup.pyc'
        warning: no previously-included files matching 'yacctab.*' found under directory 'tests'
        warning: no previously-included files matching 'lextab.*' found under directory 'tests'
        warning: no previously-included files matching 'yacctab.*' found under directory 'examples'
        warning: no previously-included files matching 'lextab.*' found under directory 'examples'
    Downloading/unpacking zope.proxy (from zope.deferredimport>=4.2.1->zope.component->certbot)
      Downloading zope.proxy-4.3.1.tar.gz (43kB): 43kB downloaded
      Running setup.py (path:/var/tmp/pip_build_root/zope.proxy/setup.py) egg_info for package zope.proxy
        /var/tmp/pip_build_root/zope.proxy/setup.py:74: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          [os.path.join('src', 'zope', 'proxy', "_zope_proxy_proxy.c")],
        /root/.pyenv/versions/3.4.2/lib/python3.4/distutils/core.py:108: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          _setup_distribution = dist = klass(attrs)
        /var/tmp/pip_build_root/zope.proxy/setup.py:12: PkgResourcesDeprecationWarning: Parameters to load are deprecated.  Call .resolve and .require separately.
          #
        warning: no previously-included files matching '*.dll' found anywhere in distribution
        warning: no previously-included files matching '*.pyc' found anywhere in distribution
        warning: no previously-included files matching '*.pyo' found anywhere in distribution
        warning: no previously-included files matching '*.so' found anywhere in distribution
    ...
      Running setup.py install for configobj
      Could not find .egg-info directory in install record for configobj (from certbot)
      Running setup.py install for cryptography
        warning: no previously-included files found matching 'setup.pyc'
        warning: no previously-included files matching 'yacctab.*' found under directory 'tests'
        warning: no previously-included files matching 'lextab.*' found under directory 'tests'
        warning: no previously-included files matching 'yacctab.*' found under directory 'examples'
        warning: no previously-included files matching 'lextab.*' found under directory 'examples'
       ...
        
        Installed /var/tmp/pip_build_root/cryptography/.eggs/pycparser-2.19-py3.4.egg
        no previously-included directories found matching 'docs/_build'
        warning: no previously-included files found matching 'vectors'
        warning: no previously-included files matching '*' found under directory 'vectors'
        warning: no previously-included files found matching 'azure-pipelines.yml'
        warning: no previously-included files found matching '.azure-pipelines'
        warning: no previously-included files found matching '.travis.yml'
        warning: no previously-included files found matching '.travis'
        warning: no previously-included files matching '*' found under directory '.azure-pipelines'
        warning: no previously-included files matching '*' found under directory '.travis'
        warning: no previously-included files found matching 'release.py'
        warning: no previously-included files found matching '.coveragerc'
        warning: no previously-included files found matching 'codecov.yml'
        warning: no previously-included files found matching 'dev-requirements.txt'
        warning: no previously-included files found matching 'rtd-requirements.txt'
        warning: no previously-included files found matching 'tox.ini'
        ...
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘SSL_SESSION_get_master_key’:
        build/temp.linux-x86_64-3.4/_openssl.c:2397:23: warning: conversion to ‘size_t’ from ‘int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c:2399:25: warning: conversion to ‘size_t’ from ‘int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘SSL_SESSION_get_ticket_lifetime_hint’:
        build/temp.linux-x86_64-3.4/_openssl.c:2411:13: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘Cryptography_setup_ssl_threads’:
        build/temp.linux-x86_64-3.4/_openssl.c:2966:44: warning: conversion to ‘unsigned int’ from ‘int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘Cryptography_pem_password_cb’:
        build/temp.linux-x86_64-3.4/_openssl.c:3002:37: warning: conversion to ‘size_t’ from ‘int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_BIO_new_mem_buf’:
        build/temp.linux-x86_64-3.4/_openssl.c:11865:3: warning: passing argument 1 of ‘BIO_new_mem_buf’ discards ‘const’ qualifier from pointer target type [enabled by default]
        /usr/include/openssl/bio.h:668:6: note: expected ‘void *’ but argument is of type ‘const void *’
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_f_BIO_new_mem_buf’:
        build/temp.linux-x86_64-3.4/_openssl.c:11898:3: warning: passing argument 1 of ‘BIO_new_mem_buf’ discards ‘const’ qualifier from pointer target type [enabled by default]
        /usr/include/openssl/bio.h:668:6: note: expected ‘void *’ but argument is of type ‘const void *’
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_OCSP_cert_to_id’:
        build/temp.linux-x86_64-3.4/_openssl.c:27757:3: warning: passing argument 2 of ‘OCSP_cert_to_id’ discards ‘const’ qualifier from pointer target type [enabled by default]
        /usr/include/openssl/ocsp.h:413:14: note: expected ‘struct X509 *’ but argument is of type ‘const struct X509 *’
        build/temp.linux-x86_64-3.4/_openssl.c:27757:3: warning: passing argument 3 of ‘OCSP_cert_to_id’ discards ‘const’ qualifier from pointer target type [enabled by default]
        /usr/include/openssl/ocsp.h:413:14: note: expected ‘struct X509 *’ but argument is of type ‘const struct X509 *’
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_f_OCSP_cert_to_id’:
        build/temp.linux-x86_64-3.4/_openssl.c:27810:3: warning: passing argument 2 of ‘OCSP_cert_to_id’ discards ‘const’ qualifier from pointer target type [enabled by default]
        /usr/include/openssl/ocsp.h:413:14: note: expected ‘struct X509 *’ but argument is of type ‘const struct X509 *’
        build/temp.linux-x86_64-3.4/_openssl.c:27810:3: warning: passing argument 3 of ‘OCSP_cert_to_id’ discards ‘const’ qualifier from pointer target type [enabled by default]
        /usr/include/openssl/ocsp.h:413:14: note: expected ‘struct X509 *’ but argument is of type ‘const struct X509 *’
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_OCSP_resp_get0_certs’:
        build/temp.linux-x86_64-3.4/_openssl.c:28227:3: warning: return discards ‘const’ qualifier from pointer target type [enabled by default]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_f_OCSP_resp_get0_certs’:
        build/temp.linux-x86_64-3.4/_openssl.c:28250:12: warning: assignment discards ‘const’ qualifier from pointer target type [enabled by default]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_SSL_CTX_add_extra_chain_cert’:
        build/temp.linux-x86_64-3.4/_openssl.c:34387:10: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_f_SSL_CTX_add_extra_chain_cert’:
        build/temp.linux-x86_64-3.4/_openssl.c:34427:14: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_SSL_CTX_clear_options’:
        build/temp.linux-x86_64-3.4/_openssl.c:34566:3: warning: conversion to ‘long int’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c:34566:10: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_f_SSL_CTX_clear_options’:
        build/temp.linux-x86_64-3.4/_openssl.c:34599:3: warning: conversion to ‘long int’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c:34599:14: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_SSL_CTX_get_mode’:
        build/temp.linux-x86_64-3.4/_openssl.c:34851:10: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_f_SSL_CTX_get_mode’:
        build/temp.linux-x86_64-3.4/_openssl.c:34874:14: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_SSL_CTX_get_options’:
        build/temp.linux-x86_64-3.4/_openssl.c:34887:10: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
       ...
        build/temp.linux-x86_64-3.4/_openssl.c:39673:14: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_SSL_set_mode’:
        build/temp.linux-x86_64-3.4/_openssl.c:41557:3: warning: conversion to ‘long int’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c:41557:10: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_f_SSL_set_mode’:
        build/temp.linux-x86_64-3.4/_openssl.c:41590:3: warning: conversion to ‘long int’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c:41590:14: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_d_SSL_set_options’:
        build/temp.linux-x86_64-3.4/_openssl.c:41603:3: warning: conversion to ‘long int’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c:41603:10: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c: In function ‘_cffi_f_SSL_set_options’:
        build/temp.linux-x86_64-3.4/_openssl.c:41636:3: warning: conversion to ‘long int’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversion]
        build/temp.linux-x86_64-3.4/_openssl.c:41636:14: warning: conversion to ‘long unsigned int’ from ‘long int’ may change the sign of the result [-Wsign-conversion]
        gcc -pthread -shared -L/root/.pyenv/versions/3.4.2/lib build/temp.linux-x86_64-3.4/build/temp.linux-x86_64-3.4/_openssl.o -lssl -lcrypto -o build/lib.linux-x86_64-3.4/cryptography/hazmat/bindings/_openssl.abi3.so
        building '_constant_time' extension
        gcc -pthread -Wno-unused-result -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fPIC -I/root/.pyenv/versions/3.4.2/include/python3.4m -c build/temp.linux-x86_64-3.4/_constant_time.c -o build/temp.linux-x86_64-3.4/build/temp.linux-x86_64-3.4/_constant_time.o
        gcc -pthread -shared -L/root/.pyenv/versions/3.4.2/lib build/temp.linux-x86_64-3.4/build/temp.linux-x86_64-3.4/_constant_time.o -o build/lib.linux-x86_64-3.4/cryptography/hazmat/bindings/_constant_time.abi3.so
        building '_padding' extension
        gcc -pthread -Wno-unused-result -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fPIC -I/root/.pyenv/versions/3.4.2/include/python3.4m -c build/temp.linux-x86_64-3.4/_padding.c -o build/temp.linux-x86_64-3.4/build/temp.linux-x86_64-3.4/_padding.o
        gcc -pthread -shared -L/root/.pyenv/versions/3.4.2/lib build/temp.linux-x86_64-3.4/build/temp.linux-x86_64-3.4/_padding.o -o build/lib.linux-x86_64-3.4/cryptography/hazmat/bindings/_padding.abi3.so
      Could not find .egg-info directory in install record for cryptography>=1.2.3 (from certbot)
      Running setup.py install for zope.interface
        /var/tmp/pip_build_root/zope.interface/setup.py:70: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          [os.path.normcase(codeoptimization_c)]
        /root/.pyenv/versions/3.4.2/lib/python3.4/distutils/core.py:108: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          _setup_distribution = dist = klass(attrs)
        warning: no previously-included files matching '*.dll' found anywhere in distribution
        warning: no previously-included files matching '*.pyc' found anywhere in distribution
        warning: no previously-included files matching '*.pyo' found anywhere in distribution
        warning: no previously-included files matching '*.so' found anywhere in distribution
        warning: no previously-included files matching 'coverage.xml' found anywhere in distribution
        warning: no previously-included files matching 'appveyor.yml' found anywhere in distribution
        no previously-included directories found matching 'docs/_build'
        building 'zope.interface._zope_interface_coptimizations' extension
        ...
        Skipping installation of /root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/zope/__init__.py (namespace package)
        Installing /root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/zope.interface-4.6.0-py3.4-nspkg.pth
      Could not find .egg-info directory in install record for zope.interface (from certbot)
      Running setup.py install for parsedatetime
        no previously-included directories found matching '.DS_Store'
      Could not find .egg-info directory in install record for parsedatetime>=1.3 (from certbot)
      Running setup.py install for ConfigArgParse
      Could not find .egg-info directory in install record for ConfigArgParse>=0.9.3 (from certbot)
      Running setup.py install for cffi
        building '_cffi_backend' extension
        gcc -pthread -Wno-unused-result -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fPIC -DUSE__THREAD -DHAVE_SYNC_SYNCHRONIZE -I/root/.pyenv/versions/3.4.2/include/python3.4m -c c/_cffi_backend.c -o build/temp.linux-x86_64-3.4/c/_cffi_backend.o
        gcc -pthread -shared -L/root/.pyenv/versions/3.4.2/lib build/temp.linux-x86_64-3.4/c/_cffi_backend.o -lffi -o build/lib.linux-x86_64-3.4/_cffi_backend.cpython-34m.so
      Could not find .egg-info directory in install record for cffi>=1.8,!=1.11.3 (from cryptography>=1.2.3->certbot)
      Running setup.py install for future
        warning: no files found matching '*.au' under directory 'tests'
        warning: no files found matching '*.gif' under directory 'tests'
        warning: no files found matching '*.txt' under directory 'tests'
        Installing futurize script to /root/.pyenv/versions/3.4.2/bin
        Installing pasteurize script to /root/.pyenv/versions/3.4.2/bin
      Could not find .egg-info directory in install record for future (from parsedatetime>=1.3->certbot)
      Running setup.py install for zope.hookable
        /var/tmp/pip_build_root/zope.hookable/setup.py:70: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          [os.path.join('src', 'zope', 'hookable', "_zope_hookable.c")],
        /root/.pyenv/versions/3.4.2/lib/python3.4/distutils/core.py:108: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          _setup_distribution = dist = klass(attrs)
        warning: no previously-included files matching '*.pyc' found anywhere in distribution
        building 'zope.hookable._zope_hookable' extension
        ...
        gcc -pthread -shared -L/root/.pyenv/versions/3.4.2/lib build/temp.linux-x86_64-3.4/src/zope/hookable/_zope_hookable.o -o build/lib.linux-x86_64-3.4/zope/hookable/_zope_hookable.cpython-34m.so
        Skipping installation of /root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/zope/__init__.py (namespace package)
        Installing /root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/zope.hookable-4.2.0-py3.4-nspkg.pth
      Could not find .egg-info directory in install record for zope.hookable>=4.2.0 (from zope.component->certbot)
      Running setup.py install for pycparser
        warning: no previously-included files found matching 'setup.pyc'
        warning: no previously-included files matching 'yacctab.*' found under directory 'tests'
        warning: no previously-included files matching 'lextab.*' found under directory 'tests'
        warning: no previously-included files matching 'yacctab.*' found under directory 'examples'
        warning: no previously-included files matching 'lextab.*' found under directory 'examples'
        Build the lexing/parsing tables
      Could not find .egg-info directory in install record for pycparser (from cffi>=1.8,!=1.11.3->cryptography>=1.2.3->certbot)
      Running setup.py install for zope.proxy
        /var/tmp/pip_build_root/zope.proxy/setup.py:74: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          [os.path.join('src', 'zope', 'proxy', "_zope_proxy_proxy.c")],
        /root/.pyenv/versions/3.4.2/lib/python3.4/distutils/core.py:108: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
          _setup_distribution = dist = klass(attrs)
        warning: no previously-included files matching '*.dll' found anywhere in distribution
        warning: no previously-included files matching '*.pyc' found anywhere in distribution
        warning: no previously-included files matching '*.pyo' found anywhere in distribution
        warning: no previously-included files matching '*.so' found anywhere in distribution
        building 'zope.proxy._zope_proxy_proxy' extension
        gcc -pthread -Wno-unused-result -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -fPIC -I/root/.pyenv/versions/3.4.2/include/python3.4m -c src/zope/proxy/_zope_proxy_proxy.c -o build/temp.linux-x86_64-3.4/src/zope/proxy/_zope_proxy_proxy.o
        ...
        Skipping installation of /root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/zope/__init__.py (namespace package)
        Installing /root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/zope.proxy-4.3.1-py3.4-nspkg.pth
      Could not find .egg-info directory in install record for zope.proxy (from zope.deferredimport>=4.2.1->zope.component->certbot)
    Successfully installed certbot requests requests-toolbelt pbr configobj pytz josepy cryptography zope.interface parsedatetime pyrfc3339 acme ConfigArgParse zope.component mock urllib3 idna chardet certifi six PyOpenSSL asn1crypto cffi future zope.event zope.deferredimport zope.deprecation zope.hookable pycparser zope.proxy
    Cleaning up...


    # pip install certbot-apache
    ...
      Running setup.py install for python-augeas
        file augeas.py (for module augeas) not found
        file augeas.py (for module augeas) not found
        generating cffi module 'build/lib/augeas.py'
        file augeas.py (for module augeas) not found
      Could not find .egg-info directory in install record for python-augeas (from certbot-apache)
    Successfully installed certbot-apache python-augeas
    Cleaning up...

    # certbot --version
    /root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. A future version of cryptography will drop support for it.
      utils.CryptographyDeprecationWarning
    certbot 0.35.1

Do these warnings matter?

I got certbot version 0.35.1.

@quanah (at Installing certbot on systems running outdated versions of Python) said to stop using certbot-auto. I ran:

#certbot renew

It seemed to work for all of my domains except the first one. Here is the output for the first domain:

# certbot renew
/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. A future version of cryptography will drop support for it.
  utils.CryptographyDeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/avvau.com-0002.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for avvau.com
http-01 challenge for www.avvau.com
Cleaning up challenges
Attempting to renew cert (avvau.com-0002) from /etc/letsencrypt/renewal/avvau.com-0002.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for avvau.com:. Skipping.

How do I fix this?

I searched for “Missing command line flag or config entry for this setting: Input the webroot” to see if there was any help for this, but to no avail.

#6

Hi @curt

check that configuration file. There should be a row

authenticator = webroot

Add

webroot-path = yourWebrootPath
#7

Dear @curt,

Thanks for letting me know.

Also thanks and glad it worked. Maybe I should update the tutorial to use a more recent version of Python. Maybe 3.6-something or even more recent makes things better. Will you have some time to try?

With kind regards,
Andreas.

P.S.: Thanks @JuergenAuer for answering the other question about the configuration already. I would not have been able to help here.

1 Like
#8

Hi @JuergenAuer

As suggested, I added the following to /etc/letsencrypt/renewal/avvau.com-0002.conf

webroot-path = /var/www/avvau.com/public_html

Then I ran the following and got the same error. Feel free to let me know if I entered the correct command to renew a single domain, as I’m not 100% sure if I entered it correctly:

# certbot certonly --webroot -n -d avvau.com -d www.avvau.com

/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. A future version of cryptography will drop support for it.
utils.CryptographyDeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.avvau.com
http-01 challenge for avvau.com
Cleaning up challenges
Missing command line flag or config entry for this setting:
Input the webroot for www.avvau.com:
#

In /var/log/letsencrypt/letsencrypt.log, it showed:

File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/display/util.py", line 520, in input
self._interaction_fail(message, cli_flag)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/display/util.py", line 466, in _interaction_fail
raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Input the webroot for www.avvau.com:

2019-06-30 12:56:03,739:DEBUG:certbot.error_handler:Calling registered functions
2019-06-30 12:56:03,739:INFO:certbot.auth_handler:Cleaning up challenges
2019-06-30 12:56:03,739:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2019-06-30 12:56:03,739:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 11, in <module>
sys.exit(main())
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/main.py", line 1379, in main
return config.func(config, plugins)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/main.py", line 1262, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/main.py", line 115, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/renewal.py", line 307, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/client.py", line 349, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/client.py", line 385, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/auth_handler.py", line 69, in handle_authorizations
resps = self.auth.perform(achalls)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/plugins/webroot.py", line 80, in perform
self._set_webroots(achalls)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/plugins/webroot.py", line 98, in _set_webroots
known_webroots)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/plugins/webroot.py", line 119, in _prompt_for_webroot
webroot = self._prompt_for_new_webroot(domain, True)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/plugins/webroot.py", line 143, in _prompt_for_new_webroot
force_interactive=True)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/display/ops.py", line 368, in validated_directory
validator, *args, **kwargs)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/display/ops.py", line 325, in _get_validated
code, raw = method(message, default=default, **kwargs)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/display/util.py", line 575, in directory_select
return self.input(message, default, cli_flag)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/display/util.py", line 520, in input
self._interaction_fail(message, cli_flag)
File "/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/certbot/display/util.py", line 466, in _interaction_fail
raise errors.MissingCommandlineFlag(msg)
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Input the webroot for www.avvau.com:

I tried “certbot renew” and I still got the same error for the first domain (avvau.com) and it successfully renewed the other domains:

# certbot renew

/root/.pyenv/versions/3.4.2/lib/python3.4/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. A future version of cryptography will drop support for it.
utils.CryptographyDeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/avvau.com-0002.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.avvau.com
http-01 challenge for avvau.com
Cleaning up challenges
Attempting to renew cert (avvau.com-0002) from /etc/letsencrypt/renewal/avvau.com-0002.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Input the webroot for www.avvau.com:. Skipping.

Is there anything else I can try to fix this?

Hi @amotl

Yes, I’d be willing to install Python 3.6. However, please know that I have little to no experience with Python. If something goes wrong, I will need help to rectify it.

#9

That's

a bad command. You don't have the -w flag (with your webroot), but -n (non-interactive) says: "Don't show input and don't wait".

If you use the command directly, use

certbot certonly --webroot -w /var/www/avvau.com/public_html -d avvau.com -d www.avvau.com

Then you see if it works.

#10

@JuergenAuer

That command worked! Thanks so much.

Then I tried:

# certbot renew

This also worked and renewed all of my domains. I will now simply use “certbot renew” in my crontab -e.

Thanks!

1 Like
#11

Yep. If you want to change a configuration -> one command manual, that changes the config file. Then renew should work.

Happy to read that it had worked :+1:

#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.