Mistakes in updating certificates! SOS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
wksu.kz
I ran this command:
sudo ./certbot-auto
It produced this output:
Bootstrapping dependencies for Debian-based OSes… (you can skip this with --no -bootstrap)
В кэше http://security.ubuntu.com trusty-security InRelease
Игн http://kz.archive.ubuntu.com trusty InRelease

В кэше http://security.ubuntu.com trusty-security/restricted i386 Packages
В кэше http://kz.archive.ubuntu.com trusty-updates/multiverse amd64 Packages
В кэше http://security.ubuntu.com trusty-security/universe i386 Packages

В кэше http://kz.archive.ubuntu.com trusty-backports/multiverse amd64 Packages
В кэше http://kz.archive.ubuntu.com trusty-backports/main i386 Packages

В кэше http://kz.archive.ubuntu.com trusty/universe i386 Packages
В кэше http://kz.archive.ubuntu.com trusty/multiverse i386 Packages

Игн http://kz.archive.ubuntu.com trusty/universe Translation-ru_RU
Чтение списков пакетов… Готово
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
gcc is already the newest version.
python is already the newest version.
python-dev is already the newest version.
augeas-lenses is already the newest version.
ca-certificates is already the newest version.
libaugeas0 is already the newest version.
libffi-dev is already the newest version.
libssl-dev is already the newest version.
openssl is already the newest version.
python-virtualenv is already the newest version.
обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 244 пакетов не обновлено.
./certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Creating virtual environment…
Installing Python packages…
Had a problem while installing Python packages.

pip prints the following errors:

Collecting ConfigArgParse==0.14.0 (from -r /tmp/tmp.wqfHGPasjF/letsencrypt-auto-requirements.txt (line 12))
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.
SNIMissingWarning
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Could not fetch URL https://pypi.python.org/simple/configargparse/: There was a problem confirming the ssl certificate: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed - skipping
Could not find a version that satisfies the requirement ConfigArgParse==0.14.0 (from -r /tmp/tmp.wqfHGPasjF/letsencrypt-auto-requirements.txt (line 12)) (from versions: )
No matching distribution found for ConfigArgParse==0.14.0 (from -r /tmp/tmp.wqfHGPasjF/letsencrypt-auto-requirements.txt (line 12))

Certbot has problem setting up the virtual environment.

We were not be able to guess the right solution from your pip
output.

Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .

My web server is (include version):
Apache/2.4.7

The operating system my web server runs on is (include version):
Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic x86_64)

My hosting provider, if applicable, is:
KazakhTelecom

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): LE_AUTO_VERSION=“1.0.0”

1 Like

Please detail the steps taken when you installed certbot-auto.
Thanks.

2 Likes

Every time we just run ./certbot-auto and it installs new certificates, but this time this command doesn’t work

1 Like

In two places in your output, it suggests you upgrade to a newer version of Python because as of January 2020, Python 2 is no longer supported or receiving any updates as per
https://wiki.python.org/moin/Python2orPython3 and also what appeared in your readout:
https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning

Python 2.7 is done as of this month. Read your results above (in bold) regarding “InsecurePlatformWarning:” Fix that first by upgrading.

1 Like