Issues with cerbto-auto down a rabbit hole of errors


I have an aws Linux AMI running an httpd server for a non profit’s website.

I set up an ssl certificate with cert bot back in Oct-Nov of last year. Everything went smooth. Was able to manually renew the certificates in January. Was having an issue where running dry run and updating was wiping out my httpd.conf section that had my 443 virtual host entry, which is why I am updating manually.

Went to go update today and recieved this

was reading about the cryptography.hazmat.bindings.openssl.binding missing and found a solution to the issue online that required installing some libraries with pip

went to run the command and got this

[ec2-user@ip-172-31-0-238 ~]$ pip install --upgrade pip
Collecting pip
  Downloading pip-9.0.3-py2.py3-none-any.whl (1.4MB)
    100% |████████████████████████████████| 1.4MB 818kB/s
Installing collected packages: pip
  Found existing installation: pip 9.0.1
    Uninstalling pip-9.0.1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/pip/", line 215, in main
    status =, args)
  File "/usr/lib/python2.7/dist-packages/pip/commands/", line 342, in run
  File "/usr/lib/python2.7/dist-packages/pip/req/", line 778, in install
  File "/usr/lib/python2.7/dist-packages/pip/req/", line 754, in uninstall
  File "/usr/lib/python2.7/dist-packages/pip/req/", line 115, in remove
    renames(path, new_path)
  File "/usr/lib/python2.7/dist-packages/pip/utils/", line 267, in renames
    shutil.move(old, new)
  File "/usr/lib64/python2.7/", line 303, in move
OSError: [Errno 13] Permission denied: '/usr/bin/pip'
You are using pip version 9.0.1, however version 9.0.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
[ec2-user@ip-172-31-0-238 ~]$ sudo pip install --upgrade pip
Collecting pip
  Using cached pip-9.0.3-py2.py3-none-any.whl
Installing collected packages: pip
  Found existing installation: pip 9.0.1
    Uninstalling pip-9.0.1:
      Successfully uninstalled pip-9.0.1
Successfully installed pip-9.0.3
Now pip isn't being recognized. but appears to be installed.

At this point I am wondering if I should just remove certbot-auto commandline tool and reinstall? What would that do to the current certificates? If i just remove the command line tool, they would still work being in the /letsencrypt folder

I think I would then set up a wildcard certificate for the site.

I’m just worried that the more I brute force my way through this I could wack up how the server is set up - it was set up and configured by someone else a few years ago before I started helping out. I have a decent grasp on linux and command line, however httpd and the aws linux is somewhat new for me.

Any advice would be appreciated


Nothing. It should be safe to uninstall and reinstall.
But if you are paranoid, simply backup the entire /etc/letsencrypt/ folder or any other folder of concern.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.