Install fails on Amazon Linux

I'm running Amazon Linux AMI release 2015.09 (which is based on RHEL/Centos6) and Apache 2.4.16.

This comes with Python 2.6 by default, so I installed Python 2.7 and various dependencies…

yum -y install python27 python27-devel python27-pip python27-setuptools python27-tools python27-virtualenv

And set 2.7 as the default version of Python.

Then I followed the install directions...

git clone
cd letsencrypt

But when I get to ./letsencrypt-auto I get this error…

Sorry, I don't know how to bootstrap Let's Encrypt on your operating system!

You will need to bootstrap, configure virtualenv, and run a pip install manually
Please see Contributing — letsencrypt latest documentation
for more info

WARNING: Python 2.6 support is very experimental at present...
if you would like to work on improving it, please ensure you have backups
and then run this script again with the --debug flag!

I'm not sure what to do next. The docs don't offer a lot of help, either. Should I try the centos bootstrapper? Can anyone point me in the right direction?


Are you still having trouble with this? I had to do the following before I could run Let’s Encrypt in AWS:

sudo yum install git
sudo yum install libffi-devel
sudo yum install puppet
cd /var/app/current
git clone
cd letsencrypt
./letsencrypt-auto --server --help

My server actually had python2.7 installed already but Let’s Encrypt wouldn’t recognise it (I had to add the debug flag a lot). Have you had similar issues since installing python?

1 Like

Yup, still having issues. Amazon Linux wants you to be explicit with the versions, but Let’s Encrypt is making tons of assumptions without checking for alternatives (e.g. python27).

Looking at the script, it checks only /usr/bin/python2 - which by default points to 2.6 on AWS. Here’s how my folder structure looks at the moment…

pip -> /etc/alternatives/pip
pip-python -> pip-2.6
python -> /etc/alternatives/python
python2 -> python2.6
python2-config -> python2.6-config
python-config -> /etc/alternatives/python-config
python-config2 -> python2.6-config
python-pip -> pip-2.6
virtualenv -> /etc/alternatives/virtualenv

Also, I should point out that all the symlink alternatives on my system (python, pip, virtualenv) use the Python 2.7 versions.

Beyond that though, is the way the script checks the OS. Amazon Linux stores it’s system information in /etc/system-release and /etc/system-release-cpe for human and machine readability, respectively.

I’d modify the ./letsencrypt-auto file directly to use the correct version of python, but I’m not sure if I’ll run into other problems later… and there’s not much in the way of documentation for configuring it manually (or whether that’s even really an option).

But aside from the python issue, I still need to make the installer recognize my OS. In theory, the Red Hat version should be able to work fine on Amazon Linux, but I’d prefer confirmation before I spend the time setting up a test server to experiment on.

1 Like

yeah that's what my suggestion at Update letsencrypt-auto with CentOS6 SCL for python 2.7 by linickx · Pull Request #1172 · certbot/certbot · GitHub was for


That explains a lot - I had no idea AWS did that.

I tried to modify a few of the files that referenced python2 and didn't really get anywhere so I'd personally advise against it. Saying that, I suppose if you know what you're doing and know what to look for it might be worth a shot.

There needs to be a way to run it while manually defining which python to use.


./letsencrypt-auto --python="/usr/bin/python"

But again, the script also needs to detect Amazon Linux and handle it appropriately. Currently, it doesn’t recognize the OS.

indeed Amazon Linux AMI is slightly different from CentOS/RHEL maybe they can use some of Amazon Linux AMI's unique identifiers like

  • /etc/image-id and/or sudo alternatives --set python /usr/bin/python2.7 if these files exist
  • if /usr/bin/python2.7 exists, but Amazon AMI uses python 2.6 default and uses alternatives to set python version as either /usr/bin/python2.6 or /usr/bin/python2.7 so to set to python 2.7 default sudo alternatives --set python /usr/bin/python2.7

might need to submit an issue under the fedora/redhat/centos label at Issues · certbot/certbot · GitHub

looks like there's one at AWS Linux errors · Issue #1458 · certbot/certbot · GitHub and Highly experimental Amazon Linux bootstrapping by pde · Pull Request #1465 · certbot/certbot · GitHub

I’ve opened a PR that fixes detection of python27:

Hi. We have an experimental branch to support Amazon Linux. Just run git checkout amazonlinux before doing ./letsencrypt-auto. Let us know at if it’s working for you, and/or if you’ve also tested it on other RPM based systems.

1 Like

(We’ve also merged the python27 branch)

1 Like

Hello @Veraxus,
I encountered this same warning with amazon-linux-ami/2015.09
> WARNING: Amazon Linux support is very experimental at present...
> if you would like to work on improving it, please ensure you have backups
> and then run this script again with the --debug flag!

As ec2-user, I was able to manually install the new ssl certificates:

  • First install python 2.7 with development libraries. Header libs are needed to compile letsencrypt.
    sudo yum install python27
    sudo yum install python27-devel

  • Update python symlinks to use 2.7
    /etc/alternatives/python -> /usr/bin/python2.6
    /etc/alternatives/python -> /usr/bin/python2.7

  • Install pip for 2.7
    sudo curl | python2.7

  • Install setuptools for 2.7
    sudo easy_install setuptools
    To update pip:
    sudo pip install setuptools --upgrade

  • Stop apache service
    sudo httpd -k stop

  • Add '--debug' flag to ./letsencrypt command
    sudo ./letsencrypt-auto --agree-dev-preview --server certonly -d -d -v --debug

  • Follow setup dialog, acept agreement, etc
    Certificates are saved in /etc/letsencrypt/live/

  • Modify apache's ssl configuration
    nano /etc/conf.d/ssl.conf (common path for CentOS/RHEL)

  • Verify new settings
    httpd -S

  • Start apache service
    httpd -k start

Enjoy your fresh encryption!

1 Like

Still working, stable? have you updated it yet?

Excuse the late reply. The penguin lives on… :sunglasses:

Update: sudo curl | python2.7

I think it should be curl | sudo python2.7