Failure when i want to renew my certifcate

Hello,
I have un issue when i want to renew my certificate :

My domain is:
raps.chantiers.net

I ran this command:
sudo certbot renew

It produced this output:

 File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')()
 File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 473, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
 File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2843, in load_entry_point
return ep.load()
 File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2447, in load
return self.resolve()
 File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2453, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
 File "/usr/lib/python3/dist-packages/certbot/main.py", line 18, in <module>
from certbot import account
 File "/usr/lib/python3/dist-packages/certbot/account.py", line 24, in <module>
from certbot import util
 File "/usr/lib/python3/dist-packages/certbot/util.py", line 7, in <module>
import distutils.version  # pylint: disable=import-error,no-name-in-module
 File "<frozen importlib._bootstrap>", line 969, in _find_and_load
 File "<frozen importlib._bootstrap>", line 958, in _find_and_load_unlocked
 File "<frozen importlib._bootstrap>", line 666, in _load_unlocked
 File "<frozen importlib._bootstrap>", line 577, in module_from_spec
 File "/usr/local/lib/python3.5/dist-packages/_distutils_hack/__init__.py", line 82, in create_module
return importlib.import_module('._distutils', 'setuptools')
 File "/usr/lib/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
 File "<frozen importlib._bootstrap>", line 981, in _gcd_import
 File "<frozen importlib._bootstrap>", line 931, in _sanity_check
 SystemError: Parent module 'setuptools' not loaded, cannot perform relative import

My web server is (include version):
Server version: Apache/2.4.25 (Raspbian)
Server built: 2019-10-13T15:43:54

The operating system my web server runs on is (include version):
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=raspbian

any idea ?
thk you in advance.
Dji

2 Likes

I don't have a definitive answer, but perhaps a few things worth thinking about:

  • have you tried (re)installing the setuptools package?
  • certbot 0.28 is very old and might present you with other issues fixed in more recent versions. I'm not certain if "stretch" has a newer version, but have you considered upgrading your Raspbian to Buster?
3 Likes

apt-get dist-upgrade ... in progress.
i will keep you in touch.
thank you !

3 Likes

My RaspB, is now up to date BUT,

I have a another issue, my apapache doesn't work :

apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error on line 33 of  /etc/apache2/sites-enabled/000-default-le-ssl.conf: Could not open configuration file /etc/letsencrypt/options-ssl-apache.conf: No such file or directory 

So do do this :
1°) cleaning
sudo cd /etc/apache2/sites-enabled/
sudo mv 000-default-le-ssl.conf 000-default-le-ssl.conf-disabled

2°) Re-config
apache2ctl configtest

3°) Update Certbot
sudo sudo /etc/certbot-auto renew

4°) Asking for a new Certificat :
sudo ./certbot-auto --apache -d rasp.chantiers.net

Now, it's works !

Thank you !

1 Like

I see you're using the certbot-auto script now. That script is being deprecated and might stop functioning somewhere in the future.

I did not know :frowning:

Is there a another solution to renew my certificats in the future ?

Is there a reason why you've switched to certbot-auto? I assumed you were using the certbot package from Rasbian earlier.

Ah!
I have both.
I mix between them :frowning:

So you advise to delete certbot-auto and only use the certbot package from Rasbia ?

Well, the certbot-auto script does have it advantages: it will always upgrade itself to the newest version.

The latest package from Rasbian might be very old. Hopefully more recent than the 0.28 you mentioned in your first post, but might be quite old nonetheless.

You could just keep using the certbot-auto script and see how long it keeps alive. Just don't try to renew your cert a day before it expires, because if there's something not working with the certbot-auto script and you can't fix it within that day, you'll end up with an expired cert.

understood !
thank you
Dji