Issues with certbot and centos 6


#1

Please fill out the fields below so we can help you better.

My domain is: heartlandsoftware.info

I ran this command: certbot-auto

It produced this output:

Collecting certbot-apache==0.8.1 (from -r /tmp/tmp.DEBADqUfAf/letsencrypt-auto-requirements.txt (line 190))
Downloading certbot_apache-0.8.1-py2-none-any.whl (103kB)
Requirement already satisfied (use --upgrade to upgrade): setuptools>=1.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography==1.2.3->-r /tmp/tmp.DEBADqUfAf/letsencrypt-auto-requirements.txt (line 35))
THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
pycparser==2.14 from https://pypi.python.org/packages/74/0e/111a4349e81e2a9846129e0357e154b496559799ec34a6b27bc677247bfa/pycparser-2.14-py2.py3-none-any.whl#md5=130e8dc5b640d9339ee4056da0cdc73a (from -r /tmp/tmp.DEBADqUfAf/letsencrypt-auto-requirements.txt (line 11)):
Expected sha256 7959b4a74abdc27b312fed1c21e6caf9309ce0b29ea86b591fd2e99ecdf27f73
Got 52bcedd9180999fc7f3128b4b89ce638ffc0ffcbd136873379d5a37e4f9e7932

You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the ‘pip install --upgrade pip’ command.

My operating system is (include version): centos 6.8 x64

My web server is (include version): haproxy

My hosting provider, if applicable, is: ovh (dedicated server with proxmox on it).

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

If you look at the package site: https://pypi.python.org/pypi/pycparser

You can see it’s uploaded yesterday… Probably an update or something worse indeed. Impossible to say from here. Could be certbot-auto's requirement list is just lagging behind (pycparser was just updated yesterday…) ór someone hacked the PIP repository :stuck_out_tongue:

See also: Certbot-auto fails while setting up virtual environment, complains about package hashes Quite the discussion about possible compromise et cetera.


#3

How do I get past this? Do I need to wait until someone updates the certbot package ?


#4

Either the certbot requirements need to be updated if the new package is genuine ór the package needs to be restored to a non-compromised version if it somehow was hacked.

Should be fixed now.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.