[Debian 9] Can't install Let's Encrypt

Hello, I run a debian 9 with VestaCP, so I use this tutorial https://github.com/interbrite/letsencrypt-vesta

but when installing (steps 5 : letsencrypt-vesta USERNAME DOMAIN) I got this error :

Downloading acme-0.20.0-py2.py3-none-any.whl (100kB)
Collecting certbot-apache==0.20.0 (from -r /tmp/tmp.buPlgXtqHs/letsencrypt-auto- requirements.txt (line 209))
Downloading certbot_apache-0.20.0-py2.py3-none-any.whl (209kB)
Exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/basecomm and.py”, line 215, in main
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/commands /install.py”, line 403, in run
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/utils/bu ild.py”, line 38, in exit
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/utils/bu ild.py”, line 42, in cleanup
File “/opt/eff.org/certbot/venv/share/python-wheels/retrying-1.3.3-py2.py3-non e-any.whl/retrying.py”, line 49, in wrapped_f
File “/opt/eff.org/certbot/venv/share/python-wheels/retrying-1.3.3-py2.py3-non e-any.whl/retrying.py”, line 212, in call
File “/opt/eff.org/certbot/venv/share/python-wheels/retrying-1.3.3-py2.py3-non e-any.whl/retrying.py”, line 247, in get
File “/opt/eff.org/certbot/venv/share/python-wheels/retrying-1.3.3-py2.py3-non e-any.whl/retrying.py”, line 200, in call
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/utils/__ init__.py”, line 102, in rmtree
File “/usr/lib/python2.7/shutil.py”, line 239, in rmtree
File “/usr/lib/python2.7/shutil.py”, line 237, in rmtree
OSError: [Errno 12] Cannot allocate memory: ‘/tmp/pip-build-WkGVHm’

Certbot has problem setting up the virtual environment.

Based on your pip output, the problem can likely be fixed by
increasing the available memory.

Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-e nvironment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
Let’s Encrypt returned an error status. Aborting.

The problem is that I got 24 RAM on this VPS, anyone get a clue how to get Let’s Encrypt with vestaCP? :confused:
(Sorry if I forget something ask me :smiley: )

Really? What does free -m && df -h say?

Certbot needs a couple hundred mb in /tmp due to how pip works I believe. You may be able to repoint this by setting TMPDIR (though I was not able to get it to work) or re-mounting /tmp as non-tmpfs.

If you are actually on that kind of memory constraint, I suggest using a native ACME client like acmetool or even acme.sh.

According to that traceback, Python is trying to delete files from the disk when it fails to allocate memory. (It is probably trying to build a list of files to unlink() and there are a lot of files in the directory.) They’re really out of memory.

Since you can’t really use another client and use the nice Vesta integration, you could try using the Debian packaged certbot (sudo apt install python-certbot-apache) and edit the LETSENCRYPT_COMMAND at the top of the letsencrypt-vesta to just call certbot instead of /usr/local/certbot/certbot-auto (or symlink it instead). certbot itself could very well run out of memory too, though. :slightly_frowning_face:

          total        used        free      shared  buff/cache   available

Mem: 24576 30 19886 105 4658 33457
Swap: 0 0 0
Filesystem Size Used Avail Use% Mounted on
/dev/ploop28195p1 493G 22G 446G 5% /
devtmpfs 12G 0 12G 0% /dev
tmpfs 12G 0 12G 0% /dev/shm
tmpfs 12G 9.4M 12G 1% /run
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 12G 0 12G 0% /sys/fs/cgroup
tmpfs 12G 0 12G 0% /tmp
none 12G 0 12G 0% /run/shm
tmpfs 2.4G 0 2.4G 0% /run/user/0

That was the first time, before launching Let’s Encrypt, and this come after the error :

          total        used        free      shared  buff/cache   available

Mem: 24576 31 19867 124 4676 32436
Swap: 0 0 0
Filesystem Size Used Avail Use% Mounted on
/dev/ploop28195p1 493G 22G 446G 5% /
devtmpfs 12G 0 12G 0% /dev
tmpfs 12G 0 12G 0% /dev/shm
tmpfs 12G 9.4M 12G 1% /run
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 12G 0 12G 0% /sys/fs/cgroup
tmpfs 12G 20M 12G 1% /tmp
none 12G 0 12G 0% /run/shm
tmpfs 2.4G 0 2.4G 0% /run/user/0

Also, I saw that after a while if I try to upload something on FTP, the vps crash

@Patches

Sorry I’m not sure to understand (english isn’t my mother tongue)

You have 24 GB of RAM on this VPS. You should not be running out of memory!

What is the output of:

ps aux --sort -rss | head -n21

Are you on an OpenVZ/LXC VPS, or is this KVM/Xen? The RAM being shown may be the host RAM.

1 Like

If don't know the answer to this, run systemd-detect-virt and it will tell you.

1 Like

ps aux --sort -rss | head -n21 give

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 915 1.1 5.0 2731008 1269396 pts/2 Sl+ 14:28 1:39 ./worldserver
clamav 275 0.0 2.1 801052 543632 ? Ssl 14:26 0:08 /usr/sbin/clamd --foreground=true
mysql 435 0.1 0.7 1109956 178380 ? SNsl 14:26 0:10 /usr/sbin/mysqld
root 497 0.0 0.3 161872 82068 ? SNs 14:26 0:01 /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir
root 618 0.0 0.3 161872 78644 ? SN 14:26 0:00 spamd child
root 619 0.0 0.3 161872 78640 ? SN 14:26 0:00 spamd child
root 475 0.0 0.1 446364 25824 ? Ss 14:26 0:00 /usr/sbin/apache2 -k start
www-data 611 0.0 0.0 449348 17852 ? S 14:26 0:01 /usr/sbin/apache2 -k start
www-data 1296 0.0 0.0 449412 16920 ? S 14:35 0:00 /usr/sbin/apache2 -k start
www-data 4508 0.0 0.0 449336 16684 ? S 15:46 0:00 /usr/sbin/apache2 -k start
www-data 14188 0.0 0.0 449364 15812 ? S 16:00 0:00 /usr/sbin/apache2 -k start
www-data 14280 0.0 0.0 449364 15640 ? S 16:01 0:00 /usr/sbin/apache2 -k start
root 491 0.0 0.0 1188088 14668 ? Sl 14:26 0:03 /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
clamav 156 0.0 0.0 150224 14488 ? SNs 14:26 0:00 /usr/bin/freshclam -d --foreground=true
root 914 0.1 0.0 129000 7432 pts/1 Sl+ 14:28 0:11 ./authserver
root 53 0.0 0.0 46036 6808 ? Ss 14:26 0:00 /lib/systemd/systemd-journald
root 489 0.0 0.0 316440 6036 ? Ss 14:26 0:00 /usr/sbin/smbd
root 471 0.0 0.0 162844 5968 ? SNs 14:26 0:00 php-fpm: master process (/usr/local/vesta/php/etc/php-fpm.conf)
admin 472 0.0 0.0 162844 5472 ? SN 14:26 0:00 php-fpm: pool www
admin 473 0.0 0.0 162844 5472 ? SN 14:26 0:00 php-fpm: pool www

Also I’m in OpenVZ

I make those commands without entering the one to install again Let’s Encrypt because after a while it make VPS crash like I said (also yes I forgot to say that was 24 GB sorry)

worldserver+clamav are taking up more than 1.5GB RAM. How much RAM are you actually paying for/entitled to? What does your hosting plan say?

I can guess at two possibilities:

  • Either you have run out of RSS memory as per the allocation to your VZ instance, which is why pip fails to write to /tmp, since it is a tmpfs, or
  • The OpenVZ host has run out of RSS memory (oversold) and can’t allocate further memory.

Certbot can’t work around either of these problems, you need to ensure that your VZ instance has some free memory. I would ask your host these questions.

1 Like

Yes the worldserver is a program that I run for my own, but I’ve no idea what clamav is, I pay for 12 GB RAM and 24 GB Burst RAM (but that’s strange I just retry without doing anything, after a reboot, except that I upload files with filezilla on it)

Could you please enlight me about the RSS memory? (I don’t even know what it means, I’ll check on google)

clamav is antivirus software that is most likely being used by your mail server to scan e-mail attachments for viruses.

RSS memory refers to actual memory being used from RAM, as opposed to memory that may be swapped to disk or allocated by a program but unused. It is the technical term for the memory most people just refer to as memory.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.