Error setting up route53 certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hqyc1973.com

I ran this command:
certbot certonly -d example.com -d hqyc1973.com --dns-route53 --logs-dir /home/ubuntu/letsencrypt/log/ --config-dir /home/ubuntu/letsencrypt/config/ --work-dir /home/ubuntu/letsencrypt/work/ -m myemailhere@gmail.com --agree-tos --non-interactive --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:
/usr/lib/python3/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.26.4) or chardet (3.0.4) doesn't match a supported version!
RequestsDependencyWarning)
An unexpected error occurred:
pkg_resources.ContextualVersionConflict: (zope.interface 4.3.2 (/usr/lib/python3/dist-packages), Requirement.parse('zope.interface>=5.3.0a1'), {'zope.component'})

My web server is (include version): Cherrypy

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: AWS route 53

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

Hi,

Did you install certbot using snap, or did you use pip/apt?
The error message is some sort of dependency issue and seems to happen with pip/apt rather than snap.

2 Likes

Hi Steve, I used this command:

ubuntu@ip-172-31-28-106:~$ which certbot
ubuntu@ip-172-31-28-106:~$ sudo pip3 install certbot

ubuntu@ip-172-31-28-106:~$ which certbot
/usr/local/bin/certbot
ubuntu@ip-172-31-28-106:~$ sudo pip3 install certbot-dns-route53
The directory '/home/ubuntu/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/home/ubuntu/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.

2 Likes

Bro, I remember we've always said to follow the steps on certbot.eff.org and install the certbot from snapd... Why don't you try the snapd one first?

Can you follow the instruction on certbot.eff.org and try snap's certbot?

3 Likes

OK~

I have a question for the first step on that page:

As I'm not using any of the software listed in that dropdown menu, I'm using Cherrypy on Ubuntu. Should I just select the last one "None of the above"?
Will this lead me to the aws-route53 download?
Thanks

2 Likes

Yes, but note that as CherryPy isn't supported directly by certbot, you'd need to install the certificate manually into CherryPy, once you've managed to get one.

2 Likes

Hi, this page leads me to the '--standalone' again. I think we encountered this issue before. Should I just go ahead?

2 Likes

I'm not familiar with the "issue before", although I remember someone trying to get a cert for CherryPy, not sure if it was you.

In any case, it depends on whether you have a webserver running which can serve files from a specific directory (i.e., webroot) or if your webserver isn't running or needs to be stopped, because it's not able to serve files from a directory (i.e., standalone).

2 Likes

Hi osiris,
I've tried following the steps and got an error:

In which step did I make a mistake?

2 Likes

Not sure, but could you try to run /snap/bin/certbot directly? To make sure you're really running the snap certbot.

2 Likes

Yes I promise I am running from snap, just as shown in the screenshot.

I'm following each step here exactly. I don't know what's wrong.

2 Likes

Is there a tutorial for setting up cherrypy server on route 53?

2 Likes

Sometimes the symbolic link /usr/bin/certbot doesn't get updated by the ln -s step, so that's why I asked to run certbot from the /snap/bin/ directory directly.

The certbot shows you running the command certbot which doesn't show which application from which path is actually being used. Chances are you're still running the pip version. The instructions on certbot.eff.org don't include removing any pip version unfortunately.

You could also run which certbot to see what path is being used if you'd run certbot.

5 Likes
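The check described in the post above, as an added example that is not part of the original thread: it walks PATH in lookup order, lists every certbot it finds, and reports whether the one a bare `certbot` runs is the snap build. The function names are hypothetical; `/snap/bin` and the symlink created by the `ln -s` step are the ones named in the posts.

```shell
# Added example: which certbot does a bare "certbot" command actually run?

# list_certbots PATH_STRING
# Print every executable named certbot, in the order the shell searches PATH.
list_certbots() {
    _old_ifs=$IFS
    IFS=:
    for _dir in $1; do
        if [ -n "$_dir" ] && [ -x "$_dir/certbot" ]; then
            printf '%s\n' "$_dir/certbot"
        fi
    done
    IFS=$_old_ifs
}

# certbot_origin FILE SNAP_BIN
# Print "snap" if FILE is SNAP_BIN/certbot or a symlink pointing straight at it
# (the link the ln -s step creates), otherwise "other" (pip, apt, ...).
certbot_origin() {
    if [ "$1" = "$2/certbot" ] || [ "$(readlink "$1" 2>/dev/null)" = "$2/certbot" ]; then
        echo snap
    else
        echo other
    fi
}

# active_certbot_origin PATH_STRING SNAP_BIN
# Origin of the first match, i.e. the binary a bare "certbot" runs; "none" if absent.
active_certbot_origin() {
    _first=$(list_certbots "$1" | head -n 1)
    if [ -z "$_first" ]; then
        echo none
    else
        certbot_origin "$_first" "$2"
    fi
}

# Report for the current machine.
list_certbots "$PATH" | while read -r _bin; do
    printf '%s\t%s\n' "$_bin" "$(certbot_origin "$_bin" /snap/bin)"
done
echo "bare 'certbot' runs: $(active_certbot_origin "$PATH" /snap/bin)"
```

A result of `other` with a `snap` entry further down the list is the situation in this thread: an older pip install in `/usr/local/bin` shadowing the snap build.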

Yes I think this likely is the problem. I just ran the command and it does show this:

ubuntu@ip-172-31-28-106:~$ which certbot
/usr/local/bin/certbot

and I solved this. Thank you guys.

3 Likes

You should delete the pip certbot version.

So it seems you broke your promise earlier :wink:

5 Likes

Can I ask a follow-up question here?

I have copied the files to my webroot directory, and then configured my Cherrypy using the following lines:

"global": {
    'server.socket_host': '0.0.0.0',
    'server.socket_port': 443,
    'server.ssl_module': 'builtin',
    'server.ssl_certificate': os.path.join(ROOT_ABSOLUTE_PATH, "cert.pem"),
    'server.ssl_private_key': os.path.join(ROOT_ABSOLUTE_PATH, "privkey.pem"),
    'server.ssl_certificate_chain': os.path.join(ROOT_ABSOLUTE_PATH, "chain.pem")
}

Now my homepage can't be reached.

Is there anything in my configuration file possibly wrong? Thanks.

2 Likes

Have you checked to ensure CherryPy is running and listening on 443?
Try:
netstat -pant | grep -i listen

3 Likes

There is a spare file named "fullchain.pem" that doesn't seem to fit anywhere?

3 Likes

That is normal.
FullChain is equal to cert plus chain.

3 Likes
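The relation stated in the answer above can be checked on the files themselves. This is an added example, not part of the original thread: it confirms that fullchain.pem is cert.pem followed by chain.pem, and that chain.pem on its own does not start with the server's certificate. The function names are hypothetical and the PEM bodies are constructed placeholders, not real certificates.

```shell
# Added example: relate cert.pem, chain.pem and fullchain.pem to each other.

# make_sample DIR: write constructed placeholder files (not real certificates).
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDLEAFPLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDINTERMEDIATEPLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$1/chain.pem"
    cat "$1/cert.pem" "$1/chain.pem" > "$1/fullchain.pem"
}

# count_certs FILE: number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# first_cert FILE: print only the first PEM block of FILE.
first_cert() {
    awk '{ print } /-----END CERTIFICATE-----/ { exit }' "$1"
}

# fullchain_is_cert_plus_chain DIR: succeed if fullchain.pem is byte-for-byte
# cert.pem followed by chain.pem.
fullchain_is_cert_plus_chain() {
    cat "$1/cert.pem" "$1/chain.pem" | cmp -s - "$1/fullchain.pem"
}

# starts_with_leaf DIR FILE: succeed if the first block of DIR/FILE is cert.pem.
starts_with_leaf() {
    first_cert "$1/$2" | cmp -s - "$1/cert.pem"
}

# Demonstration on the constructed files; point the functions at a real
# certificate directory to check actual output.
dir=$(mktemp -d)
make_sample "$dir"
for f in cert.pem chain.pem fullchain.pem; do
    printf '%s: %s certificate(s)\n' "$f" "$(count_certs "$dir/$f")"
done
fullchain_is_cert_plus_chain "$dir" && echo "fullchain.pem = cert.pem + chain.pem"
starts_with_leaf "$dir" chain.pem || echo "chain.pem does not start with the server certificate"
rm -rf "$dir"
```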

Thanks. Is it safe to interchange "fullchain.pem" with "chain.pem"?

3 Likes