I can not install the certificate


#1

I am trying to install the certificate with the commands in my AWS server Linux 2 AMI:

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto

But i have error in this line:
$ sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d payworld.com.br -d www.payworld.com.br

Error:

Sorry, I don’t know how to bootstrap Certbot on your operating system!

You will need to install OS dependencies, configure virtualenv, and run pip install manually.

But I already installed pip and virtualenv.

Version
pip 10.0.1
virtualenv 16.0.0
python 2.7.14

I looked for the solution in previous questions here of the community, but I could not solve.


#2

Hi,

Could you please fill in the form below so we could have more information?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Thank you for your consideration


#3

https://crt.sh/?q=payworld.com.br

My domain is: payworld.com.br

I ran this command: sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d payworld.com.br -d www.payworld.com.br

It produced this output: Sorry, I don’t know how to bootstrap Certbot on your operating system!

You will need to install OS dependencies, configure virtualenv, and run pip install manually.

My web server is (include version): CentOS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#4

Hi,

What’s your hosting software? (Example: Apache, Nginx etc…)

Thank you


#5

Sorry, I forgot.

CentOS


#6

Hi,

First of all, please check your PM.

For record purposes, your hosting software is Apache (I also have your openssl version)

Please try this command…

sudo ./certbot-auto --apache --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d payworld.com.br -d www.payworld.com.br

Also, can you confirm the exact system version? (Centos 6, Centos 7?)
cat /etc/centos-release or cat /etc/redhat-release

Thank you


#7

Hello @Rafaelhgb

this certificate

is from PositiveSSL Multi-Domain + COMODO ECC Domain Validation Secure Server CA 2. And it is valide.

Can you use this?


#8

Bom dia @Rafaelhgb,

Certbot currently doesn’t have any fully-supported installation method on Amazon Linux (in particular certbot-auto is not designed for use on this operating system), although I’ve heard that the situation has been getting better for many people. You could look at this previous thread:

There might be an Amazon-provided version of Certbot in Amazon Linux 2 or a different installation method might work.

The information that you saw about pip is not about having pip installed, but about using pip interactively to install Certbot Python packages from the PyPi repositories.

As suggested in the other thread, there are also many other Let’s Encrypt clients that have fewer dependencies and so you might have more success with one of those.


#9

Hi @stevenzhu, I can’t confirme my CentOS, the developer said it was CentOS but I think it’s apache same.

I execute this command:

sudo ./certbot-auto **--no-bootstrap** -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d payworld.com.br -d www.payworld.com.br

And now with your command:

sudo ./certbot-auto **--apache** --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d payworld.com.br -d www.payworld.com.br

Show me that:


#10

@JuergenAuer I Can’t use this certificate.


#11

How did you get from the “Sorry, I don’t know how to bootstrap Certbot on your operating system!” error to a specific certificate authentication error, such as you now have?


#12

Obrigado @schoen, entendi :grinning:

As I had already installed on other AWS machines, I thought there was no incompatibility.

And this machine is Amazon Linux 2 AMI.

I already tried the commands of this link, which I took directly from the certbot site, but they did not work. When I run this command:

sudo yum install python-certbot-apache

Show me this:

amzn2-core
No package python-certbot-apache available.
Error: Nothing to do

I don’t know what to do.


#13

One option suggested to me by @bmw is

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt

which describes how to install from EPEL. (However, if you already got the “Unable to find a virtual host” error on the new server, then you already have a working copy of Certbot there.)

Edit: or @bmw says you can try the CentOS instructions on our own site


#14

Obrigado @schoen, I will test.


#15

Boa sorte!

Cada vez em que você usar sudo ./certbot-auto, está tentando de novo com a versão auto-atualizada, então as tentativas de instalar outros pacotes de acordo com dicas minhas ou de terceiros não deveriam ter influência nenhuma nos resultados de sudo ./certbot-auto.

Os pacotes de EPEL que talvez já instalou ou instalará com yum se usariam como sudo certbot, não sudo ./certbot-auto.


#16

@schoen entendi, muito obrigado pelas dicas.

E foi justamente esse link que me ajudou, porque consegui instalar as dependências necessárias.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt

Muito obrigado pela ajuda!


#17

My domain is not recognizing the certificate.

Created the VirtualHost on httpd.conf, but nothing happen:

`
<VirtualHost *:443>

ServerName payworld.com.br
ServerAlias payworld.com.br *.payworld.com.br

DocumentRoot /var/www/html
Include /etc/letsencrypt/options-ssl-apache.conf

SSLCertificateFile /etc/letsencrypt/live/payworld.com.br/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/payworld.com.br/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/payworld.com.br/fullchain.pem

`

And when I put the ssl.conf file in conf.d, the site does not work. Even pointing to the path of letsencrypt.

And it was created the httpd-le-ssl.conf on /conf.

:pensive:


#18

Certbot should already have created a virtual host for you—in that file /etc/httpd/conf/httpd-le-ssl.conf. However, possibly that file isn’t included by default? Certbot assumed that every configuration file in /etc/httpd/conf would be included automatically.

Do you have a _default_ virtual host, by any chance?


#19

No @schoen.

*I’m speaking English because I do not know if I can always speak Portuguese.

But it created the ttpd-le-ssl.conf on /conf. Bu don not work.

As far as I know I have no virtual default.


#20

Sempre agradeço quaisquer oportunidades de falar a língua portuguesa, que já se tornou a minha língua estrangeira preferida.

Também me parece que surgiu o costume nesse fórum do uso da língua da pessoa pedindo ajuda caso isso facilitar a comunicação e alguém saber aquela língua o puder se comunicar nela com a ajuda de tradução automática. Assim até onde eu sei não é obrigatório o uso de inglês aqui.

Mas se preferir continuar em inglês, tudo bem! :slight_smile:

Não sei porque não deu certo logo após a emissão do certificado, porque o Certbot disse que o instalou no seu Apache.

Então, eis dois passos possíveis para esclarecer as minhas dúvidas anteriores:

(1) Verificar se todos os arquivos dentro de /etc/httpd/conf se incluem automaticamente na configuração Apache.

(2) Tentar encontrar o virtualhost _default_ com

grep -r _default_ /etc/httpd

… Também deve existir um jeito de exibir a configuração atual inteira, tal como

apachectl -t -D DUMP_VHOSTS

Isso é um pouco diferente em vários sistemas operacionais.