Debian 6 can't setup certbot (failed with error code 1)

Hi, I’ve tried to install Certbot in our server (Debian 6 wheezy) to get https certificate for our website dzmob.com (running on apache) but the script failed and I don’t know why! … can you help plz.

Here’s the command executed with --verbose:
EDIT: our provider is LWS so some logs are in french

/var/www/dzmob.com/web# sudo ./certbot-auto --authenticator webroot --installer apache --verbose
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Atteint http://packages.dotdeb.org squeeze Release.gpg
Ign http://packages.dotdeb.org/ squeeze/all Translation-en                                     
Ign http://packages.dotdeb.org/ squeeze/all Translation-fr                                     
Atteint http://packages.dotdeb.org squeeze-php54 Release.gpg                                   
Ign http://packages.dotdeb.org/ squeeze-php54/all Translation-en                               
Ign http://packages.dotdeb.org/ squeeze-php54/all Translation-fr                               
Atteint http://packages.dotdeb.org squeeze Release                                             
Atteint http://packages.dotdeb.org squeeze-php54 Release                                       
Atteint http://packages.dotdeb.org squeeze/all Sources                                         
Atteint http://packages.dotdeb.org squeeze/all amd64 Packages                                  
Atteint http://packages.dotdeb.org squeeze-php54/all Sources                                   
Atteint http://packages.dotdeb.org squeeze-php54/all amd64 Packages                            
Atteint http://archive.debian.org squeeze Release.gpg                                          
Ign http://archive.debian.org/debian/ squeeze/contrib Translation-en                           
Ign http://archive.debian.org/debian/ squeeze/contrib Translation-fr                           
Ign http://archive.debian.org/debian/ squeeze/main Translation-en                              
Atteint http://archive.debian.org/debian/ squeeze/main Translation-fr                          
Ign http://archive.debian.org/debian/ squeeze/non-free Translation-en                          
Ign http://archive.debian.org/debian/ squeeze/non-free Translation-fr                          
Atteint http://archive.debian.org squeeze-proposed-updates Release.gpg                         
Atteint http://archive.debian.org/debian/ squeeze-proposed-updates/contrib Translation-en      
Ign http://archive.debian.org/debian/ squeeze-proposed-updates/contrib Translation-fr          
Atteint http://repo.mongodb.org wheezy/mongodb-org/3.0 Release.gpg                             
Ign http://repo.mongodb.org/apt/debian/ wheezy/mongodb-org/3.0/main Translation-en             
Ign http://repo.mongodb.org/apt/debian/ wheezy/mongodb-org/3.0/main Translation-fr             
Réception de : 1 http://repo.mongodb.org wheezy/mongodb-org/3.2 Release.gpg [801 B]            
Ign http://repo.mongodb.org/apt/debian/ wheezy/mongodb-org/3.2/main Translation-en             
Ign http://repo.mongodb.org/apt/debian/ wheezy/mongodb-org/3.2/main Translation-fr             
Atteint http://archive.debian.org/debian/ squeeze-proposed-updates/main Translation-en         
Ign http://archive.debian.org/debian/ squeeze-proposed-updates/main Translation-fr             
Atteint http://archive.debian.org/debian/ squeeze-proposed-updates/non-free Translation-en     
Ign http://archive.debian.org/debian/ squeeze-proposed-updates/non-free Translation-fr         
Atteint http://archive.debian.org squeeze-lts Release.gpg                                      
Ign http://archive.debian.org/debian/ squeeze-lts/contrib Translation-en                       
Atteint http://repo.mongodb.org wheezy/mongodb-org/3.0 Release                                 
Ign http://archive.debian.org/debian/ squeeze-lts/contrib Translation-fr                       
Ign http://archive.debian.org/debian/ squeeze-lts/main Translation-en                          
Ign http://archive.debian.org/debian/ squeeze-lts/main Translation-fr                          
Ign http://archive.debian.org/debian/ squeeze-lts/non-free Translation-en                      
Réception de : 2 http://repo.mongodb.org wheezy/mongodb-org/3.2 Release [3 312 B]              
Err http://repo.mongodb.org wheezy/mongodb-org/3.2 Release                                     
  
Ign http://repo.mongodb.org wheezy/mongodb-org/3.0/main amd64 Packages                         
Ign http://archive.debian.org/debian/ squeeze-lts/non-free Translation-fr                      
Atteint http://archive.debian.org squeeze-backports Release.gpg        
Atteint http://archive.debian.org/debian-backports/ squeeze-backports/main Translation-en
Ign http://archive.debian.org/debian-backports/ squeeze-backports/main Translation-fr
Atteint http://archive.debian.org squeeze Release                                              
Atteint http://archive.debian.org squeeze-proposed-updates Release                             
Ign http://repo.mongodb.org wheezy/mongodb-org/3.0/main amd64 Packages                         
Atteint http://archive.debian.org squeeze-lts Release                                          
Atteint http://downloads-distro.mongodb.org dist Release.gpg                                   
Atteint http://repo.mongodb.org wheezy/mongodb-org/3.0/main amd64 Packages                     
Atteint http://archive.debian.org squeeze-backports Release                                    
Atteint http://archive.debian.org squeeze/main amd64 Packages                                  
Atteint http://archive.debian.org squeeze/contrib amd64 Packages                               
Atteint http://archive.debian.org squeeze/non-free amd64 Packages
Atteint http://archive.debian.org squeeze-proposed-updates/main amd64 Packages
Atteint http://archive.debian.org squeeze-proposed-updates/contrib amd64 Packages
Atteint http://archive.debian.org squeeze-proposed-updates/non-free amd64 Packages             
Ign http://archive.debian.org squeeze-lts/main amd64 Packages/DiffIndex                        
Atteint http://archive.debian.org squeeze-lts/contrib amd64 Packages                           
Ign http://archive.debian.org squeeze-lts/non-free amd64 Packages/DiffIndex                    
Atteint http://archive.debian.org squeeze-backports/main amd64 Packages                        
Atteint http://archive.debian.org squeeze-lts/main amd64 Packages                              
Atteint http://archive.debian.org squeeze-lts/non-free amd64 Packages                     
Ign http://downloads-distro.mongodb.org/repo/debian-sysvinit/ dist/10gen Translation-en   
Ign http://downloads-distro.mongodb.org/repo/debian-sysvinit/ dist/10gen Translation-fr
Atteint http://downloads-distro.mongodb.org dist Release                         
Ign http://downloads-distro.mongodb.org dist/10gen amd64 Packages
Ign http://downloads-distro.mongodb.org dist/10gen amd64 Packages
Atteint http://downloads-distro.mongodb.org dist/10gen amd64 Packages
802 o réceptionnés en 1s (645 o/s)
Lecture des listes de paquets... Fait
W: Une erreur s'est produite lors du contrôle de la signature. Le dépôt n'est pas mis à jour et les fichiers d'index précédents seront utilisés. Erreur de GPG : http://repo.mongodb.org wheezy/mongodb-org/3.2 Release : Les signatures suivantes ne sont pas valables : KEYEXPIRED 1507497109

W: Impossible de récupérer http://repo.mongodb.org/apt/debian/dists/wheezy/mongodb-org/3.2/Release  

W: Le téléchargement de quelques fichiers d'index a échoué, ils ont été ignorés, ou les anciens ont été utilisés à la place.
No LSB modules are available.
No LSB modules are available.
No libaugeas0 version is available that's new enough to run the
Certbot apache plugin...
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances       
Lecture des informations d'état... Fait
ca-certificates est déjà la plus récente version disponible.
gcc est déjà la plus récente version disponible.
libffi-dev est déjà la plus récente version disponible.
python-dev est déjà la plus récente version disponible.
python est déjà la plus récente version disponible.
python-virtualenv est déjà la plus récente version disponible.
augeas-lenses est déjà la plus récente version disponible.
libaugeas0 est déjà la plus récente version disponible.
libssl-dev est déjà la plus récente version disponible.
openssl est déjà la plus récente version disponible.
0 mis à jour, 0 nouvellement installés, 0 à enlever et 35 non mis à jour.
Creating virtual environment...
Already using interpreter /usr/bin/python
New python executable in /opt/eff.org/certbot/venv/bin/python
Installing distribute.....................
  Complete output from command /opt/eff.org/certbot/venv/bin/python -c "#!python
\"\"\"Bootstrap distribu...1:])
" --always-copy -U distribute:
  Downloading http://pypi.python.org/packages/source/d/distribute/distribute-0.6.10.tar.gz
Traceback (most recent call last):
  File "<string>", line 480, in <module>
  File "<string>", line 475, in main
  File "<string>", line 196, in download_setuptools
  File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.6/urllib2.py", line 397, in open
    response = meth(req, response)
  File "/usr/lib/python2.6/urllib2.py", line 510, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.6/urllib2.py", line 435, in error
    return self._call_chain(*args)
  File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.6/urllib2.py", line 518, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 403: SSL is required
----------------------------------------
...Installing distribute...done.
Traceback (most recent call last):
  File "/usr/bin/virtualenv", line 3, in <module>
    virtualenv.main()
  File "/usr/lib/pymodules/python2.6/virtualenv.py", line 536, in main
    use_distribute=options.use_distribute)
  File "/usr/lib/pymodules/python2.6/virtualenv.py", line 626, in create_environment
    install_distribute(py_executable, unzip=unzip_setuptools)
  File "/usr/lib/pymodules/python2.6/virtualenv.py", line 367, in install_distribute
    _install_req(py_executable, unzip, distribute=True)
  File "/usr/lib/pymodules/python2.6/virtualenv.py", line 337, in _install_req
    cwd=cwd)
  File "/usr/lib/pymodules/python2.6/virtualenv.py", line 597, in call_subprocess
    % (cmd_desc, proc.returncode))
OSError: Command /opt/eff.org/certbot/venv/bin/python -c "#!python
\"\"\"Bootstrap distribu...1:])
" --always-copy -U distribute failed with error code 1

@bmw @joohoi,

If I curl http://pypi.python.org/packages/source/d/distribute/distribute-0.6.10.tar.gz, I also get this error now.

Thanks for opening the issue @Sofianio .

I tried to reproduce this on Debian 7, and was unable to do so.

You seem to be running Debian 6 (Squeeze) instead of Debian 7 (Wheezy). This very old version has unfortunately been EOLed by Debian almost two years ago, even for the LTS support. And I think that’s the reason for running in to these issues.

PyPi requires HTTPS connections instead of HTTP, and my guess is that the version of pip delivered by Debian Squeeze is too old, and only tries to fetch the packages using HTTP connection. This is a clip from request header from PyPi:

* Connected to pypi.python.org (151.101.0.223) port 80 (#0)
> GET /packages/source/d/distribute/distribute-0.6.10.tar.gz HTTP/1.1
> Host: pypi.python.org
> Accept: */*
> 
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 403 SSL is required

Unfortunately we’re unable to bootstrap Certbot for Debian Squeeze and the general advice here would be to upgrade your distribution. This is a good idea regardless of Certbot, as it isn’t receiving important updates anymore and this might subject your system to various forms of vulnerabilities.

I’m sorry I’m not able to help you more in this issue, and I hope you have a better experience after upgrading your operating system.

Thanks for the reply,
Sorry I got the name wrong it’s as you said Squeeze, unfortunately it’s not in our hands to upgrade but we’ll try asking our VPS provider.

Have a nice day.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.