Problem renewing certs from cron job

I’m using certbot on a number of servers without issue. On one server, I am having troubles. When executed from a cron job, I get this error:

Error: couldn’t get currently installed version for //.local/share/letsencrypt/bin/letsencrypt:
//.local/share/letsencrypt/lib64/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
An unexpected error occurred:
VersionConflict: (setuptools 0.9.8 (/.local/share/letsencrypt/lib/python2.6/site-packages), Requirement.parse(‘setuptools>=1.0’))
Please see the logfile ‘/tmp/tmplXMfWt’ for more details.

This is a Centos 6.9 server with kernel:
Linux XXX 2.6.32-042stab116.1 #1 SMP Wed May 4 16:21:02 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux

The log file contains:

2017-07-19 14:59:03,194:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “//.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “//.local/share/letsencrypt/lib64/python2.6/site-packages/certbot/main.py”, line 723, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File “//.local/share/letsencrypt/lib64/python2.6/site-packages/certbot/plugins/disco.py”, line 203, in find_all
plugin_ep = PluginEntryPoint(entry_point)
File “//.local/share/letsencrypt/lib64/python2.6/site-packages/certbot/plugins/disco.py”, line 50, in init
self.plugin_cls = entry_point.load()
File “//.local/share/letsencrypt/lib64/python2.6/site-packages/pkg_resources/init.py”, line 2201, in load
self.require(*args, **kwargs)
File “//.local/share/letsencrypt/lib64/python2.6/site-packages/pkg_resources/init.py”, line 2218, in require
items = working_set.resolve(reqs, env, installer)
File “//.local/share/letsencrypt/lib64/python2.6/site-packages/pkg_resources/init.py”, line 835, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
VersionConflict: (setuptools 0.9.8 (/.local/share/letsencrypt/lib/python2.6/site-packages), Requirement.parse(‘setuptools>=1.0’))

Any ideas?

Meant to add that I can update this via command line:

[root]# /etc/httpd/certbot-auto --apache renew
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/www.XXX.conf

Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/www.XXX/fullchain.pem (skipped)
No renewals were attempted.

Exactly what is in the cron job command?

Cron entry is:

05 2 * * * root /etc/httpd/certbot-auto renew

Requirement.parse(‘setuptools>=1.0’))

that message is about the fact your libraries may be out of date

fix libraries and dependencies and you should get the error going away

btw: you seem to be running one version of the command in CLI and another in CRON

check that as well

[root]# /etc/httpd/certbot-auto --apache renew

05 2 * * * root /etc/httpd/certbot-auto renew

The --apache will tell certbot-auto to use the apached plugin

Andrei

I have run the command both with and without --apache on both cli and
cron. Same results. Interactively it’s fine, but fails in cron.

I tried:

pip install --upgrade setuptools

It looked like a big jump in versions (or a change in how versions were
labeled). That did not change anything. Is there a special way to update
the certbot environment that appears to be separate from the main system?

try pip install --upgrade certbot-auto

Andrei

pip could not find certbot-auto. I’m including the full logs in case
it’s relevant. This machine is running Centos 6.9 which means python 2.6
by default. I must amend what I have said before. I have discovered
similar machines are now also experiencing this same issue.

[root]# pip install --upgrade certbot-auto
DEPRECATION: Python 2.6 is no longer supported by the Python core team,
please upgrade your Python. A future version of pip will drop support
for Python 2.6
Collecting certbot-auto
/usr/lib/python2.6/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:318:
SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject
Name Indication) extension to TLS is not available on this platform.
This may cause the server to present an incorrect TLS certificate, which
can cause validation failures. You can upgrade to a newer version of
Python to solve this. For more information, see
https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.
SNIMissingWarning
/usr/lib/python2.6/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:122:
InsecurePlatformWarning: A true SSLContext object is not available. This
prevents urllib3 from configuring SSL appropriately and may cause
certain SSL connections to fail. You can upgrade to a newer version of
Python to solve this. For more information, see
https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Could not find a version that satisfies the requirement certbot-auto
(from versions: )
No matching distribution found for certbot-auto

I opened up /etc/httpd/certbot-auto to find the version. I believe it is
the latest:

LE_AUTO_VERSION=“0.16.0”

@SwartzCr, do you mind if I keep tagging you for packaging and dependency issues?

1 Like

Go ahead. Happy to help troubleshoot. I can limp along manually until this gets sorted out.

I solved my problem and all dependency issues by switching from
certbot-auto to the http://acme.sh client. No more Python issues, it’s
all shell script and working very well.

I have this exact same issue.

pip install --upgrade setuptools

upgraded setuptools-36.2.1 to setuptools-36.2.4 which obviously didn’t fix the issue because certbot sees version 0.9.8 for some reason. Any ideas besides switching to shell script?

Nailed it. Wrong HOME environment variable set in /etc/crontab. Change

HOME=/

to

HOME=/root/

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.