PIP Hashing error

Running certbot-auto fails on my rasperry pi and, although I get it’s a hashing error, I don’t know how to sort it out.

Any help apreciated

Thanks - Paul


My domain is: adt.org.uk

I ran this command: certbot-auto renew

It produced this output:
THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
pycparser==2.19 from https://www.piwheels.org/simple/pycparser/pycparser-2.19-py2.py3-none-any.whl#sha256=bc15573b7c6edd24407526dbbc7a0bd33d80d8af44231c37f58d73f56ff9cab6 (from -r /tmp/tmp.DazFxM17TE/letsencrypt-auto-requirements.txt (line 113)):
Expected sha256 a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3
Got bc15573b7c6edd24407526dbbc7a0bd33d80d8af44231c37f58d73f56ff9cab6

zope.component==4.6 from https://www.piwheels.org/simple/zope-component/zope.component-4.6-py2.py3-none-any.whl#sha256=74f55521dec189c08d98341edce929eba6bb2404662d1878f1b289af46f6f6a5 (from -r /tmp/tmp.DazFxM17TE/letsencrypt-auto-requirements.txt (line 135)):
    Expected sha256 ec2afc5bbe611dcace98bb39822c122d44743d635dafc7315b9aef25097db9e6
         Got        74f55521dec189c08d98341edce929eba6bb2404662d1878f1b289af46f6f6a5

=====================================================

Certbot has problem setting up the virtual environment.

We were not be able to guess the right solution from your pip
output.

My web server is (include version): Apache/2.4.25 (Raspbian)

The operating system my web server runs on is (include version): Raspbian GNU/Linux 9 (stretch)

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): running certbot-auto --version just reruns certbot-auto

A possibly incomplete answer to your question is: You need to disable piwheels. certbot-auto hardcodes the hashes of PyPI packages; if your pip downloads a package from piwheels, it may have a different hash, and certbot-auto will reject it.

I don’t know how to disable it, but according to the piwheels FAQ, you can "remove or comment out the extra-index-url configuration in /etc/pip.conf".

Of course, the purpose of piwheels is to provide binaries so you don’t have to compile everything. Installing certbot-auto without it involves… compiling a lot of things. Using certbot-auto on a Pi might be a bad idea. It might not even work, if you don’t have enough RAM.

You might be better off installing Certbot via apt – if it’s available on Raspbian – or using another ACME client.

Thanks, running the apt version of cerbot worked a treat.

2 Likes

I did that as well, when I used certbot on raspbian.

Disabling piwheels is not an acceptable solution :wink:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.