Installing certbot on Amazon Linux results in python errors

I'm trying to install certbot on Amazon Linux. The following command results in a bunch of errors:

[~]$ sudo yum install certbot-nginx
Loaded plugins: priorities, update-motd, upgrade-helper
http://repos.fedorapeople.org/repos/peter/erlang/epel-latest/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

[Errno 14] yum fails with HTTP/HTTPS Error 404 - Red Hat Customer Portal

If above article doesn't help to resolve this issue please open a ticket with Red Hat Support.

http://repos.fedorapeople.org/repos/peter/erlang/epel-latest/SRPMS/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
906 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package python2-certbot-nginx.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: certbot > 0.21.1 for package: python2-certbot-nginx-0.22.0-1.el7.noarch
--> Processing Dependency: python2-certbot > 0.21.1 for package: python2-certbot-nginx-0.22.0-1.el7.noarch
--> Processing Dependency: pyparsing for package: python2-certbot-nginx-0.22.0-1.el7.noarch
--> Running transaction check
---> Package certbot.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: /usr/sbin/semanage for package: certbot-0.22.0-1.el7.noarch
--> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
--> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
---> Package python2-certbot.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: python2-acme > 0.21.1 for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python-configobj for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python-parsedatetime for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python-setuptools for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python-zope-component for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python-zope-interface for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python2-configargparse for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python2-cryptography for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python2-future for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python2-josepy for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python2-mock for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: python2-pyrfc3339 for package: python2-certbot-0.22.0-1.el7.noarch
--> Processing Dependency: pytz for package: python2-certbot-0.22.0-1.el7.noarch
---> Package python26-pyparsing.noarch 0:1.5.6-9.4.amzn1 will be installed
--> Running transaction check
---> Package certbot.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
--> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
---> Package policycoreutils-python.x86_64 0:2.1.12-5.25.amzn1 will be installed
--> Processing Dependency: setools-libs-python(python27) >= 3.3.7-14 for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
--> Processing Dependency: libsemanage-python(python27) >= 2.1.6-3 for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
--> Processing Dependency: audit-libs-python(python27) >= 2.1.3-4 for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
--> Processing Dependency: selinux-policy-devel for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
--> Processing Dependency: python27-IPy for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
--> Processing Dependency: libselinux-python(python27) for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
---> Package python-zope-component.noarch 1:4.1.0-3.el7 will be installed
--> Processing Dependency: python-zope-event for package: 1:python-zope-component-4.1.0-3.el7.noarch
---> Package python2-acme.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: pyOpenSSL >= 0.13 for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python-ndg_httpsclient for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python2-cryptography for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python2-pyasn1 for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python2-requests for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python2-six for package: python2-acme-0.22.0-1.el7.noarch
---> Package python2-certbot.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: python2-cryptography for package: python2-certbot-0.22.0-1.el7.noarch
---> Package python2-configargparse.noarch 0:0.11.0-1.el7 will be installed
---> Package python2-future.noarch 0:0.16.0-6.el7 will be installed
---> Package python2-josepy.noarch 0:1.0.1-1.el7 will be installed
--> Processing Dependency: pyOpenSSL for package: python2-josepy-1.0.1-1.el7.noarch
--> Processing Dependency: python-six for package: python2-josepy-1.0.1-1.el7.noarch
--> Processing Dependency: python2-cryptography for package: python2-josepy-1.0.1-1.el7.noarch
---> Package python2-mock.noarch 0:1.0.1-9.el7 will be installed
---> Package python2-parsedatetime.noarch 0:2.4-5.el7 will be installed
---> Package python2-pyrfc3339.noarch 0:1.0-2.el7 will be installed
---> Package python26-configobj.noarch 0:4.7.2-7.15.amzn1 will be installed
---> Package python26-pytz.noarch 0:2010h-2.6.amzn1 will be installed
---> Package python26-setuptools.noarch 0:36.2.7-1.33.amzn1 will be installed
--> Processing Dependency: python26-backports-ssl_match_hostname for package: python26-setuptools-36.2.7-1.33.amzn1.noarch
---> Package python26-zope-interface.x86_64 0:3.5.2-2.1.8.amzn1 will be installed
--> Processing Dependency: python26-zope-filesystem for package: python26-zope-interface-3.5.2-2.1.8.amzn1.x86_64
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.6.5-3.28.amzn1 will be installed
---> Package certbot.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
--> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
---> Package libselinux-python.x86_64 0:2.1.10-3.22.amzn1 will be installed
---> Package libsemanage-python.x86_64 0:2.1.6-3.13.amzn1 will be installed
---> Package python-ndg_httpsclient.noarch 0:0.3.2-1.el7 will be installed
--> Processing Dependency: python-pyasn1 for package: python-ndg_httpsclient-0.3.2-1.el7.noarch
---> Package python-zope-event.noarch 0:4.0.3-2.el7 will be installed
---> Package python2-acme.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: pyOpenSSL >= 0.13 for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python2-cryptography for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python2-pyasn1 for package: python2-acme-0.22.0-1.el7.noarch
---> Package python2-certbot.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: python2-cryptography for package: python2-certbot-0.22.0-1.el7.noarch
---> Package python2-josepy.noarch 0:1.0.1-1.el7 will be installed
--> Processing Dependency: python2-cryptography for package: python2-josepy-1.0.1-1.el7.noarch
---> Package python2-requests.noarch 0:2.6.0-0.el7 will be installed
--> Processing Dependency: python-requests >= 2.6.0 for package: python2-requests-2.6.0-0.el7.noarch
---> Package python2-six.noarch 0:1.9.0-0.el7 will be installed
--> Processing Dependency: python-six >= 1.9.0 for package: python2-six-1.9.0-0.el7.noarch
---> Package python26-backports-ssl_match_hostname.noarch 0:3.4.0.2-1.12.amzn1 will be installed
--> Processing Dependency: python26-backports for package: python26-backports-ssl_match_hostname-3.4.0.2-1.12.amzn1.noarch
---> Package python26-pyOpenSSL.x86_64 0:0.10-2.8.amzn1 will be installed
---> Package python26-six.noarch 0:1.8.0-1.23.amzn1 will be installed
---> Package python26-zope-filesystem.x86_64 0:1-5.8.amzn1 will be installed
---> Package python27-IPy.noarch 0:0.75-1.6.6.amzn1 will be installed
---> Package selinux-policy.noarch 0:3.10.0-98.26.amzn1 will be installed
--> Processing Dependency: m4 for package: selinux-policy-3.10.0-98.26.amzn1.noarch
---> Package setools-libs-python.x86_64 0:3.3.7-34.23.amzn1 will be installed
--> Processing Dependency: setools-libs(x86-64) = 3.3.7-34.23.amzn1 for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.5)(64bit) for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
--> Running transaction check
---> Package certbot.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
--> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
---> Package m4.x86_64 0:1.4.16-9.10.amzn1 will be installed
---> Package python2-acme.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: pyOpenSSL >= 0.13 for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python2-cryptography for package: python2-acme-0.22.0-1.el7.noarch
--> Processing Dependency: python2-pyasn1 for package: python2-acme-0.22.0-1.el7.noarch
---> Package python2-certbot.noarch 0:0.22.0-1.el7 will be installed
--> Processing Dependency: python2-cryptography for package: python2-certbot-0.22.0-1.el7.noarch
---> Package python2-josepy.noarch 0:1.0.1-1.el7 will be installed
--> Processing Dependency: python2-cryptography for package: python2-josepy-1.0.1-1.el7.noarch
---> Package python2-requests.noarch 0:2.6.0-0.el7 will be installed
--> Processing Dependency: python-requests >= 2.6.0 for package: python2-requests-2.6.0-0.el7.noarch
---> Package python2-six.noarch 0:1.9.0-0.el7 will be installed
--> Processing Dependency: python-six >= 1.9.0 for package: python2-six-1.9.0-0.el7.noarch
---> Package python26-backports.x86_64 0:1.0-3.14.amzn1 will be installed
---> Package python26-pyasn1.noarch 0:0.1.7-2.9.amzn1 will be installed
---> Package setools-libs.x86_64 0:3.3.7-34.23.amzn1 will be installed
--> Finished Dependency Resolution
Error: Package: certbot-0.22.0-1.el7.noarch (epel)
Requires: systemd
Error: Package: python2-requests-2.6.0-0.el7.noarch (epel)
Requires: python-requests >= 2.6.0
Available: python26-requests-1.2.3-5.10.amzn1.noarch (amzn-main)
python-requests = 1.2.3-5.10.amzn1
Error: Package: python2-six-1.9.0-0.el7.noarch (epel)
Requires: python-six >= 1.9.0
Installing: python26-six-1.8.0-1.23.amzn1.noarch (amzn-main)
python-six = 1.8.0-1.23.amzn1
Error: Package: python2-acme-0.22.0-1.el7.noarch (epel)
Requires: pyOpenSSL >= 0.13
Installing: python26-pyOpenSSL-0.10-2.8.amzn1.x86_64 (amzn-main)
pyOpenSSL = 0.10-2.8.amzn1
Error: Package: python2-josepy-1.0.1-1.el7.noarch (epel)
Requires: python2-cryptography
Error: Package: python2-certbot-0.22.0-1.el7.noarch (epel)
Requires: python2-cryptography
Error: Package: python2-acme-0.22.0-1.el7.noarch (epel)
Requires: python2-pyasn1
Error: Package: python2-acme-0.22.0-1.el7.noarch (epel)
Requires: python2-cryptography
Error: Package: python2-acme-0.22.0-1.el7.noarch (epel)
Requires: pyOpenSSL >= 0.13
Available: python26-pyOpenSSL-0.10-2.8.amzn1.x86_64 (amzn-main)
pyOpenSSL = 0.10-2.8.amzn1
You could try using --skip-broken to work around the problem
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
rabbitmq-server-3.6.6-1.el6.noarch has missing requires of erlang >= ('0', 'R16B', '03')

Installing Certbot on the Amazon Linux AMIs is a bit tricky.

Amazon themselves publish some information about it here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt

Do you still get the packaging problems while following that guide?

Edit: I just tried out those instructions on a fresh instance, and they indeed are broken :confused: . @schoen does anyone need to be tagged about it?

Darn, that’s unfortunate. Do you know how quickly this can be fixed? Some of the customers of my website are complaining about their browser throwing warnings at them about the safety of the website.

You can try install it directly from pip as shown in this comment: https://github.com/certbot/certbot/issues/1680#issuecomment-358728515

Otherwise, I’d suggest trying a different client with less complicated dependencies, such as acme.sh or acmetool or anything from https://letsencrypt.org/docs/client-options/

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.