Installation problem

I try to install Let’s Encrypt without success. I use this guide: https://certbot.eff.org/#debianwheezy-apache
I was “googleing” many hours without solving this problem.
Could you please help me what is missing?

Debian 7.10, Apache/2.2.22 (Debian)

/opt/certbot # ./certbot-auto
Bootstrapping dependencies for Debian-based OSes…
…

Command “/root/.local/share/letsencrypt/bin/python2.7 -u -c “import setuptools, tokenize;file=’/tmp/pip-build-dOymtO/cffi/setup.py’;exec(compile(ge tattr(tokenize, ‘open’, open)(file).read().replace(’\r\n’, ‘\n’), file, ‘exec’))” install --record /tmp/pip-mHlzIW-record/install-record.txt – single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cffi” failed with error code 1 in / tmp/pip-build-dOymtO/cffi
/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:120: InsecurePlatformWarning: A tru e SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the ‘pip install --upgrade pip’ command.

Here you can see the full message: http://pastebin.com/0ztDrhYz
Thank you for your help in advance!

I didn’t have issue using a Debian wheezy too. But my installation are up to date using http://security.debian.org/ wheezy/updates main non-free contrib and http://ftp.debian.org/debian/ wheezy-backports main non-free contrib .

I don’t remind to have any update to do.

Maybe you need to update all CA server too ( update-ca-certificates ) ?

Thank you for your reply.
I've run aptitiude upgrade but the result seams the same to me:

And here is the result when I try to update CA server:

root@grey /opt/certbot # aptitude install ca-certificates
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 95 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.

I think more for update-ca-certificates, maybe .

# update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

Yeah, I see the same output after this command:

root@grey /opt/certbot # update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
I've got the same error messages to ./certbot-auto --apache certonly

I've found some similar issues where system memory was the problem. I believe it's not the couse of my problem:

root@grey /opt/certbot # free -h
total used free shared buffers cached
Mem: 31G 30G 508M 0B 656M 22G
-/+ buffers/cache: 7.8G 23G
Swap: 15G 271M 15G

It's a pretty strange, but I don't find files for letsencrypt in /root/.local/share/

root@grey /opt/certbot # ls -la /root/.local/share/
total 12K
drwx------ 3 root root 4.0K Jan 2 20:29 .
drwx------ 3 root root 4.0K Oct 11 2013 ..
drwx------ 3 root root 4.0K Jan 2 19:46 mc

Sorry … no idea .

hi zionduc

it seems your problems are with urlib3

SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail

Reading the .SH file urlib is used to perform certain functions (i didn’t write the script so making an assumption here) and the URLs are HTTPS urls.

When you run the install does any traffic go out?

Some suggestions here:

I would write a small test python script to confirm that urllib is not funcitoning as expected and then this will confirm why the install is breaking

I tried to go this way in the past couple of days but I always got error messages (like “error: ‘__NR_getrandom’ undeclared (first use in this function)”). “The getrandom call was introduced in version 3.17 of the Linux kernel (according to its man page)” and I was able to get only 3.16 version of kernel in my Debian wheezy webserver.

Then I tried an alternative solution: https://github.com/diafygi/acme-tiny, and it just works.

Thank you for your help. I believe I will go with this acme-tiny solution.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.