Hello guys, updated my LE-script today and I use AML so I though to give some feedback:
Here my report from my tests! Cheers!
`This has been tested in a fresh Amazon Linux instance.
sudo yum update
sudo su
yum install git
cd /opt
git clone GitHub - certbot/certbot: Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
cd letsencrypt
./letsencrypt-auto --help
WARNING: Amazon Linux support is very experimental at present...
if you would like to work on improving it, please ensure you have backups
and then run this script again with the --debug flag!
./letsencrypt-auto --help --debug
Installed:
augeas-libs.x86_64 0:1.0.0-5.7.amzn1 dialog.x86_64 0:1.1-9.20080819.1.5.amzn1
gcc.noarch 0:4.8.3-3.20.amzn1 libffi-devel.x86_64 0:3.0.13-11.4.amzn1
openssl-devel.x86_64 1:1.0.1k-13.88.amzn1 system-rpm-config.noarch 0:9.0.3-42.27.amzn1
Dependency Installed:
cpp48.x86_64 0:4.8.3-9.109.amzn1 gcc48.x86_64 0:4.8.3-9.109.amzn1
glibc-devel.x86_64 0:2.17-106.163.amzn1 glibc-headers.x86_64 0:2.17-106.163.amzn1
kernel-headers.x86_64 0:4.1.13-19.31.amzn1 keyutils-libs-devel.x86_64 0:1.5.8-3.12.amzn1
krb5-devel.x86_64 0:1.13.2-10.39.amzn1 libcom_err-devel.x86_64 0:1.42.12-4.40.amzn1
libgomp.x86_64 0:4.8.3-9.109.amzn1 libmpc.x86_64 0:1.0.1-3.3.amzn1
libselinux-devel.x86_64 0:2.1.10-3.22.amzn1 libsepol-devel.x86_64 0:2.1.7-3.12.amzn1
libverto-devel.x86_64 0:0.2.5-4.9.amzn1 mpfr.x86_64 0:3.1.1-4.14.amzn1
zlib-devel.x86_64 0:1.2.8-7.18.amzn1
Creating virtual environment...
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --help --debug
letsencrypt-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...
Ran without any issues.
If you are having trouble, this is a fix I have to use on my current install of Amazon Linux.
If you use another user then root, you may pay attention to the paths, absolute paths here.
You can proceed just like the example above, but you are mostly to get a error like this:
./letsencrypt-auto --debug
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --debug
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in
from letsencrypt.cli import main
File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/cli.py", line 19, in
import OpenSSL
ImportError: No module named OpenSSL
This may vary, the module can be pretty much any other. (in my experience I had at least four modules failing to load to just cffi_backend)
Let's do some fixing.
cd /root/.local/share/letsencrypt/lib/python2.7/dist-packages
What you will notice is that the module that failed to load will not be is this directory, and here is where our nasty Python is looking
cd /root/.local/share/letsencrypt/local/lib64/python2.7/dist-packages
Here you probably have the missing module.
What I'm gonna do is to create symlinks to the former directory:
Pay attention to not starting creating the symlinks out of this directory below:
cd /root/.local/share/letsencrypt/lib/python2.7/dist-packages
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cffi cffi
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cffi-1.5.0-py2.7.egg-info cffi-1.5.0-py2.7.egg-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/_cffi_backend.so _cffi_backend.so
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cryptography cryptography
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cryptography-1.2.2-py2.7.egg-info cryptography-1.2.2-py2.7.egg-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/OpenSSL OpenSSL
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/psutil psutil
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/psutil-3.4.2-py2.7.egg-info psutil-3.4.2-py2.7.egg-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/pyOpenSSL-0.15.1.dist-info pyOpenSSL-0.15.1.dist-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/pyrfc3339 pyrfc3339
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/pyRFC3339-1.0.dist-info pyRFC3339-1.0.dist-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/werkzeug werkzeug
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/Werkzeug-0.11.3.dist-info Werkzeug-0.11.3.dist-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/zope/interface zope/interface
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/zope.interface-4.1.3-py2.7.egg-info zope.interface-4.1.3-py2.7.egg-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/zope.interface-4.1.3-py2.7-nspkg.pth zope.interface-4.1.3-py2.7-nspkg.pth`
Should be a better way to fix this, but as both directory have modules (they are the dist-packages Python uses) I confused if I suppose to let everything inside one or other, I know that this is a 64 bit Linux. Well hope that helps. And just to enforce, this is not happening in fresh installs of AML, the LE is script just warning you about being experimental but it ran without any issues.
I got to my machine and updated again, I had this issue of not finding required modules. This is happen to us because the modules are split between lib and lib64. This is not happening in a fresh install of AML. Don't know why this behaviour.
Let me give you guys some fix, this should clear the missing modules:
cd /root/.local/share/letsencrypt/lib/python2.7/dist-packages/
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cffi cffi
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cffi-1.4.2-py2.7.egg-info cffi-1.4.2-py2.7.egg-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/_cffi_backend.so _cffi_backend.so
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cryptography
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cryptography cryptography
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/cryptography-1.1.2-py2.7.egg-info cryptography-1.1.2-py2.7.egg-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/psutil psutil
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/psutil-3.3.0-py2.7.egg-info psutil-3.3.0-py2.7.egg-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/zope/interface zope/interface
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/zope.interface-4.1.3-py2.7.egg-info zope.interface-4.1.3-py2.7.egg-info
ln -s /root/.local/share/letsencrypt/lib64/python2.7/dist-packages/zope.interface-4.1.3-py2.7-nspkg.pth zope.interface-4.1.3-py2.7-nspkg.pth
Hope this help. If you are trying to understand, do not just run the symlink cmds, take a look into the dist-packages inside:
/root/.local/share/letsencrypt/lib/python2.7/dist-packages/
/root/.local/share/letsencrypt/lib64/python2.7/dist-packages/
LE will try to meet the modules inside the lib only, that is why it is falling for us.
felco