Certbot has problem setting up the virtual environment

My domain is:
whoischelsea.com

I ran this command:
./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d whoischelsea.com -d www.whoischelsea.com

It produced this output:
Requesting to rerun ./certbot-auto with root privileges…
Bootstrapping dependencies for Debian-based OSes… (you can skip this with --no-bootstrap)
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://deb.debian.org/debian stretch InRelease
Hit:3 http://deb.debian.org/debian stretch-updates InRelease
Hit:4 http://deb.debian.org/debian stretch-backports InRelease
Hit:5 http://deb.debian.org/debian stretch Release
Hit:6 http://packages.cloud.google.com/apt google-cloud-monitoring-stretch InRelease
Hit:7 http://packages.cloud.google.com/apt cloud-sdk-stretch InRelease
Hit:8 http://packages.cloud.google.com/apt google-compute-engine-stretch-stable InRelease
Hit:10 http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-stretch InRelease
Reading package lists… Done
Reading package lists… Done
Building dependency tree
Reading state information… Done
augeas-lenses is already the newest version (1.8.0-1+deb9u1).
libaugeas0 is already the newest version (1.8.0-1+deb9u1).
ca-certificates is already the newest version (20161130+nmu1+deb9u1).
gcc is already the newest version (4:6.3.0-4).
libffi-dev is already the newest version (3.2.1-6).
python is already the newest version (2.7.13-2).
python-dev is already the newest version (2.7.13-2).
python-virtualenv is already the newest version (15.1.0+ds-1).
virtualenv is already the newest version (15.1.0+ds-1).
libssl-dev is already the newest version (1.1.0j-1~deb9u1).
openssl is already the newest version (1.1.0j-1~deb9u1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Creating virtual environment…
Installing Python packages…
Had a problem while installing Python packages.

pip prints the following errors:

DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won’t be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting argparse==1.4.0 (from -r /tmp/tmp.FXU6br2nzO/letsencrypt-auto-requirements.txt (line 11))
Downloading https://files.pythonhosted.org/packages/f2/94/3af39d34be01a24a6e65433d19e107099374224905f1e0cc6bbe1fd22a2f/argparse-1.4.0-py2.py3-none-any.whl
Collecting pycparser==2.14 (from -r /tmp/tmp.FXU6br2nzO/letsencrypt-auto-requirements.txt (line 17))
Downloading https://files.pythonhosted.org/packages/ad/15/7f42f31ba068f837816647135a0704a8c89aad685df160407e92870c0277/certbot_nginx-0.30.0-py2.py3-none-any.whl (90kB)

Requirement already satisfied: setuptools>=1.0 in /opt/eff.org/certbot/venv/lib/python2.7/site-packages (from josepy==1.1.0->-r /tmp/tmp.FXU6br2nzO/letsencrypt-auto-requirements.txt (line 95)) (40.6.3)Exception:Traceback (most recent call last): File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/cli/base_command.py”, line 176, in main status = self.run(options, args) File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/commands/install.py”, line 346, in run session=session, autobuilding=True File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py”, line 848, in build assert building_is_possible

AssertionError

=====================================================

Certbot has problem setting up the virtual environment.

We were not be able to guess the right solution from your pip output.

What distro is this?

cat /etc/os-release
lsb_release -a

PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="Debian -- User Support"
BUG_REPORT_URL="https://bugs.debian.org/"

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.6 (stretch)
Release: 9.6
Codename: stretch

I’m having the same issue. I filed a bug here but it was closed without much explanation…

You are right. The bug should not have been closed.

I have reproduced the exact same failure on a completely fresh debian:stretch container.

I’m getting this on a renewal, never had a problem before.

NAME=“Ubuntu”
VERSION=“18.04.1 LTS (Bionic Beaver)”
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME=“Ubuntu 18.04.1 LTS”
VERSION_ID=“18.04”

Same problem here. I’ve tried a renewal and a fresh instance, both throwing the same error as OP:

NAME=“Amazon Linux AMI”
VERSION=“2018.03”
ID=“amzn”
ID_LIKE=“rhel fedora”
VERSION_ID=“2018.03”
PRETTY_NAME=“Amazon Linux AMI 2018.03”

This is a problem in pip. You can fix this for now by adding the --no-download flag to the calls to virtualenv on lines 1001 and 1003:

diff --git a/certbot-auto b/certbot-auto
index be2c367..2c0f64a 100755
--- a/certbot-auto
+++ b/certbot-auto
@@ -998,9 +998,9 @@ if [ "$1" = "--le-auto-phase2" ]; then
     rm -rf "$VENV_PATH"
     if [ "$PYVER" -le 27 ]; then
       if [ "$VERBOSE" = 1 ]; then
-        virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH"
+        virtualenv --no-site-packages --no-download --python "$LE_PYTHON" "$VENV_PATH"
       else
-        virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null
+        virtualenv --no-site-packages --no-download --python "$LE_PYTHON" "$VENV_PATH" > /dev/null
       fi
     else
       if [ "$VERBOSE" = 1 ]; then

For those not familiar with how to apply diffs/patches, this one liner may be used to do the same thing (replace /path/to/certbot-auto with the path to your real certbot-auto file):

sed -i 's/virtualenv --no-site-packages/virtualenv --no-download --no-site-packages/' /path/to/certbot-auto

This worked for me. :white_check_mark::cat2::tornado:

Thank you very much, this worked for me as well! Appreciate the prompt attention to the issue and providing a workaround.

This worked for me as well. Thank you for the workaround!

I'm afraid this workaround does not work for a fresh install if you are trying to use the tool for the first time.

A new version of pip fixing this issue was released an hour or two ago.

That’s wonderful to hear. Can anyone point me in the right direction to download and install it?

Thanks!

Running certbot-auto again should automatically use it.

Thanks. I tried running it again (in my case letsencrypt-auto) on a fresh Ubuntu 16.04.5 LTS install on aws and I’m afraid the error is still the same.

Probably a newb question, but how long should this change remain? Will it automatically be handled in the next update? thanks.

Thanks ! I had the same issue as @melee1313 and this fixed it.

As a side note, in my system the file you mention is called “/opt/letsencrypt/letsencrypt-auto” and not “/opt/letsencrypt/certbot-auto”

Thank You!!! This worked like a charm