Certbot - Certificate renewal on Ubuntu 14.04.5

Hi,

to renew my certificates I ran this command:

./letsencrypt-auto renew

It produced this output:

InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning.

and at the end the error:

Command “/root/.local/share/letsencrypt/bin/python2.7 -u -c “import setuptools, tokenize;file=’/tmp/pip-build-pQ6JHW/python-augeas/setup.py’;f=getattr(tokenize, ‘open’, open)(file);code=f.read().replace(’\r\n’, ‘\n’);f.close();exec(compile(code, file, ‘exec’))” install --record /tmp/pip-GlYysT-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/python-augeas” failed with error code 1 in /tmp/pip-build-pQ6JHW/python-augeas/

I tried to install some possibly missing libraries (mainly augeas) which did not help. Then I decided to switch to certbot ACME and run

certbot --apache certonly

It gives also an error

Attempting to parse the version 0.12.0 renewal configuration file found at /etc/letsencrypt/renewal/www.zukovska.de.conf with version 0.11.1 of Certbot. This might not work.
Attempting to parse the version 0.12.0 renewal configuration file found at /etc/letsencrypt/renewal/www.mm-stat.org.conf with version 0.11.1 of Certbot. This might not work.

but run through.

However, going to the browser and checking the certificates they are still expiring at 15th april (and not at 15th july). Any ideas what I can do?

Thanks Sigbert

My domain is: www.sigbertklinke.de, www.zukovska.de, www.mm-stat.org
My operating system is (include version): Ubuntu 14.04.5
My web server is (include version): Apache/2.4.7 (Ubuntu)
My hosting provider, if applicable, is: Strato
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

hi @sigbert

This is how I would fix it

create a virtual environment
use pip install certbot==0.11.1
this should give you the correct version to do your install

i use windows so your screens will be different

image.png861×177 7.49 KB

run the certbot-auto command with the following statement

--no-self-upgrade (certbot-auto only) prevent the certbot-auto script
from upgrading itself to newer released versions
(default: Upgrade automatically)

If you run certbot within your virtual environment you should not be affected by the broken dependencies

Andrei

This should also help future proof

When updating - just create a new environment and install the newest version of certbot

if everything works OK you can delete the old virtual environment

If not you can always use the old one until you fix the new one

Andrei

Hi

this approach worked nearly perfectly, I had just to do two minor tweaks:

1.) Upgrade the setuptools in the virtualenv with

pip install --upgrade setuptools

2.) I needed to install the last version of certbot, version 0.12.0 instead of 0.11.1

Thanks a lot Sigbert

@sigbert

thanks for the feedback

yes i will add that in future

I also should point out you should use the --copy-files switch as well otherwise the core points to python 2.x or 3.x core (which can be modified by other programs)

Glad to hear certbot 0.12.0 worked

I thought their may have been issues which is why i suggested 0.11.1

Andrei

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.