Installing certbot on Amazon Linux results in python errors


#1

I’m trying to install certbot on Amazon Linux. The following command results in a bunch of errors:

[~]$ sudo yum install certbot-nginx
Loaded plugins: priorities, update-motd, upgrade-helper
http://repos.fedorapeople.org/repos/peter/erlang/epel-latest/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/articles/1320623

If above article doesn’t help to resolve this issue please open a ticket with Red Hat Support.

http://repos.fedorapeople.org/repos/peter/erlang/epel-latest/SRPMS/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
906 packages excluded due to repository priority protections
Resolving Dependencies
–> Running transaction check
—> Package python2-certbot-nginx.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: certbot > 0.21.1 for package: python2-certbot-nginx-0.22.0-1.el7.noarch
–> Processing Dependency: python2-certbot > 0.21.1 for package: python2-certbot-nginx-0.22.0-1.el7.noarch
–> Processing Dependency: pyparsing for package: python2-certbot-nginx-0.22.0-1.el7.noarch
–> Running transaction check
—> Package certbot.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: /usr/sbin/semanage for package: certbot-0.22.0-1.el7.noarch
–> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
–> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
—> Package python2-certbot.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: python2-acme > 0.21.1 for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python-configobj for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python-parsedatetime for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python-setuptools for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python-zope-component for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python-zope-interface for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python2-configargparse for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python2-cryptography for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python2-future for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python2-josepy for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python2-mock for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: python2-pyrfc3339 for package: python2-certbot-0.22.0-1.el7.noarch
–> Processing Dependency: pytz for package: python2-certbot-0.22.0-1.el7.noarch
—> Package python26-pyparsing.noarch 0:1.5.6-9.4.amzn1 will be installed
–> Running transaction check
—> Package certbot.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
–> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
—> Package policycoreutils-python.x86_64 0:2.1.12-5.25.amzn1 will be installed
–> Processing Dependency: setools-libs-python(python27) >= 3.3.7-14 for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
–> Processing Dependency: libsemanage-python(python27) >= 2.1.6-3 for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
–> Processing Dependency: audit-libs-python(python27) >= 2.1.3-4 for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
–> Processing Dependency: selinux-policy-devel for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
–> Processing Dependency: python27-IPy for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
–> Processing Dependency: libselinux-python(python27) for package: policycoreutils-python-2.1.12-5.25.amzn1.x86_64
—> Package python-zope-component.noarch 1:4.1.0-3.el7 will be installed
–> Processing Dependency: python-zope-event for package: 1:python-zope-component-4.1.0-3.el7.noarch
—> Package python2-acme.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: pyOpenSSL >= 0.13 for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python-ndg_httpsclient for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python2-cryptography for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python2-pyasn1 for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python2-requests for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python2-six for package: python2-acme-0.22.0-1.el7.noarch
—> Package python2-certbot.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: python2-cryptography for package: python2-certbot-0.22.0-1.el7.noarch
—> Package python2-configargparse.noarch 0:0.11.0-1.el7 will be installed
—> Package python2-future.noarch 0:0.16.0-6.el7 will be installed
—> Package python2-josepy.noarch 0:1.0.1-1.el7 will be installed
–> Processing Dependency: pyOpenSSL for package: python2-josepy-1.0.1-1.el7.noarch
–> Processing Dependency: python-six for package: python2-josepy-1.0.1-1.el7.noarch
–> Processing Dependency: python2-cryptography for package: python2-josepy-1.0.1-1.el7.noarch
—> Package python2-mock.noarch 0:1.0.1-9.el7 will be installed
—> Package python2-parsedatetime.noarch 0:2.4-5.el7 will be installed
—> Package python2-pyrfc3339.noarch 0:1.0-2.el7 will be installed
—> Package python26-configobj.noarch 0:4.7.2-7.15.amzn1 will be installed
—> Package python26-pytz.noarch 0:2010h-2.6.amzn1 will be installed
—> Package python26-setuptools.noarch 0:36.2.7-1.33.amzn1 will be installed
–> Processing Dependency: python26-backports-ssl_match_hostname for package: python26-setuptools-36.2.7-1.33.amzn1.noarch
—> Package python26-zope-interface.x86_64 0:3.5.2-2.1.8.amzn1 will be installed
–> Processing Dependency: python26-zope-filesystem for package: python26-zope-interface-3.5.2-2.1.8.amzn1.x86_64
–> Running transaction check
—> Package audit-libs-python.x86_64 0:2.6.5-3.28.amzn1 will be installed
—> Package certbot.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
–> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
—> Package libselinux-python.x86_64 0:2.1.10-3.22.amzn1 will be installed
—> Package libsemanage-python.x86_64 0:2.1.6-3.13.amzn1 will be installed
—> Package python-ndg_httpsclient.noarch 0:0.3.2-1.el7 will be installed
–> Processing Dependency: python-pyasn1 for package: python-ndg_httpsclient-0.3.2-1.el7.noarch
—> Package python-zope-event.noarch 0:4.0.3-2.el7 will be installed
—> Package python2-acme.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: pyOpenSSL >= 0.13 for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python2-cryptography for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python2-pyasn1 for package: python2-acme-0.22.0-1.el7.noarch
—> Package python2-certbot.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: python2-cryptography for package: python2-certbot-0.22.0-1.el7.noarch
—> Package python2-josepy.noarch 0:1.0.1-1.el7 will be installed
–> Processing Dependency: python2-cryptography for package: python2-josepy-1.0.1-1.el7.noarch
—> Package python2-requests.noarch 0:2.6.0-0.el7 will be installed
–> Processing Dependency: python-requests >= 2.6.0 for package: python2-requests-2.6.0-0.el7.noarch
—> Package python2-six.noarch 0:1.9.0-0.el7 will be installed
–> Processing Dependency: python-six >= 1.9.0 for package: python2-six-1.9.0-0.el7.noarch
—> Package python26-backports-ssl_match_hostname.noarch 0:3.4.0.2-1.12.amzn1 will be installed
–> Processing Dependency: python26-backports for package: python26-backports-ssl_match_hostname-3.4.0.2-1.12.amzn1.noarch
—> Package python26-pyOpenSSL.x86_64 0:0.10-2.8.amzn1 will be installed
—> Package python26-six.noarch 0:1.8.0-1.23.amzn1 will be installed
—> Package python26-zope-filesystem.x86_64 0:1-5.8.amzn1 will be installed
—> Package python27-IPy.noarch 0:0.75-1.6.6.amzn1 will be installed
—> Package selinux-policy.noarch 0:3.10.0-98.26.amzn1 will be installed
–> Processing Dependency: m4 for package: selinux-policy-3.10.0-98.26.amzn1.noarch
—> Package setools-libs-python.x86_64 0:3.3.7-34.23.amzn1 will be installed
–> Processing Dependency: setools-libs(x86-64) = 3.3.7-34.23.amzn1 for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
–> Processing Dependency: libqpol.so.1(VERS_1.5)(64bit) for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
–> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
–> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
–> Processing Dependency: libqpol.so.1()(64bit) for package: setools-libs-python-3.3.7-34.23.amzn1.x86_64
–> Running transaction check
—> Package certbot.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
–> Processing Dependency: systemd for package: certbot-0.22.0-1.el7.noarch
—> Package m4.x86_64 0:1.4.16-9.10.amzn1 will be installed
—> Package python2-acme.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: pyOpenSSL >= 0.13 for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python2-cryptography for package: python2-acme-0.22.0-1.el7.noarch
–> Processing Dependency: python2-pyasn1 for package: python2-acme-0.22.0-1.el7.noarch
—> Package python2-certbot.noarch 0:0.22.0-1.el7 will be installed
–> Processing Dependency: python2-cryptography for package: python2-certbot-0.22.0-1.el7.noarch
—> Package python2-josepy.noarch 0:1.0.1-1.el7 will be installed
–> Processing Dependency: python2-cryptography for package: python2-josepy-1.0.1-1.el7.noarch
—> Package python2-requests.noarch 0:2.6.0-0.el7 will be installed
–> Processing Dependency: python-requests >= 2.6.0 for package: python2-requests-2.6.0-0.el7.noarch
—> Package python2-six.noarch 0:1.9.0-0.el7 will be installed
–> Processing Dependency: python-six >= 1.9.0 for package: python2-six-1.9.0-0.el7.noarch
—> Package python26-backports.x86_64 0:1.0-3.14.amzn1 will be installed
—> Package python26-pyasn1.noarch 0:0.1.7-2.9.amzn1 will be installed
—> Package setools-libs.x86_64 0:3.3.7-34.23.amzn1 will be installed
–> Finished Dependency Resolution
Error: Package: certbot-0.22.0-1.el7.noarch (epel)
Requires: systemd
Error: Package: python2-requests-2.6.0-0.el7.noarch (epel)
Requires: python-requests >= 2.6.0
Available: python26-requests-1.2.3-5.10.amzn1.noarch (amzn-main)
python-requests = 1.2.3-5.10.amzn1
Error: Package: python2-six-1.9.0-0.el7.noarch (epel)
Requires: python-six >= 1.9.0
Installing: python26-six-1.8.0-1.23.amzn1.noarch (amzn-main)
python-six = 1.8.0-1.23.amzn1
Error: Package: python2-acme-0.22.0-1.el7.noarch (epel)
Requires: pyOpenSSL >= 0.13
Installing: python26-pyOpenSSL-0.10-2.8.amzn1.x86_64 (amzn-main)
pyOpenSSL = 0.10-2.8.amzn1
Error: Package: python2-josepy-1.0.1-1.el7.noarch (epel)
Requires: python2-cryptography
Error: Package: python2-certbot-0.22.0-1.el7.noarch (epel)
Requires: python2-cryptography
Error: Package: python2-acme-0.22.0-1.el7.noarch (epel)
Requires: python2-pyasn1
Error: Package: python2-acme-0.22.0-1.el7.noarch (epel)
Requires: python2-cryptography
Error: Package: python2-acme-0.22.0-1.el7.noarch (epel)
Requires: pyOpenSSL >= 0.13
Available: python26-pyOpenSSL-0.10-2.8.amzn1.x86_64 (amzn-main)
pyOpenSSL = 0.10-2.8.amzn1
You could try using --skip-broken to work around the problem
** Found 1 pre-existing rpmdb problem(s), ‘yum check’ output follows:
rabbitmq-server-3.6.6-1.el6.noarch has missing requires of erlang >= (‘0’, ‘R16B’, ‘03’)


I can not install the certificate
#2

Installing Certbot on the Amazon Linux AMIs is a bit tricky.

Amazon themselves publish some information about it here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt

Do you still get the packaging problems while following that guide?

Edit: I just tried out those instructions on a fresh instance, and they indeed are broken :confused: . @schoen does anyone need to be tagged about it?


#3

Darn, that’s unfortunate. Do you know how quickly this can be fixed? Some of the customers of my website are complaining about their browser throwing warnings at them about the safety of the website.


#4

You can try install it directly from pip as shown in this comment: https://github.com/certbot/certbot/issues/1680#issuecomment-358728515

Otherwise, I’d suggest trying a different client with less complicated dependencies, such as acme.sh or acmetool or anything from https://letsencrypt.org/docs/client-options/


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.