Problem with certbot & python2-certbot-dns-route53 on RHEL 7


#1

Hi,

Got a problem with certbot: Once I install python2-certbot-dns-route53.noarch 0:0.29.1-2.el7 plugin certbot is crashing with below error. If I remove the mentioned plugin, certbot works fin and I am able to obtain SSL certificate. I need this plugin to also obtain wildcard certificate.

My domain is:
rhdev.totuspro.com

I ran this command:
certbot --version

It produced this output:
An unexpected error occurred:
DistributionNotFound: boto3
Please see the logfile ‘/tmp/tmp3npzoA’ for more details.

My web server is (include version):
nginx/1.12.2

The operating system my web server runs on is (include version):
RHEL 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.29.1 from python2-certbot-0.29.1-1.el7.noarch


#2

Strangely enough, there is NO packages requiring the python2-boto3 package:

https://centos.pkgs.org/7/epel-x86_64/python2-boto3-1.4.6-1.el7.noarch.rpm.html (check the Required By section… Empty…)

But it implies certbot won’t install it as a dependency unfortunately.

I’m sure your error will go away if you manually install python2-boto3.


#3

Hi Osiris,

Thanks for your help, installing python2-boto3 along with the plugin fixed the issue. This looks to me like a bug in EPEL 7 python2-certbot-dns-route53-0.29.1-2.el7.noarch “Requires” section. I am not sure where to report this though.


#4

Me neither. Perhaps @Lestaff can pick this up.

Hmm, the tagging doesn’t seem to work. Perhaps @jsha, our go-to-guy-in-times-of-panic can pick this up?


#5

I’m afraid I have no idea who packages python-certbot-route53 for RHEL. Maybe @bmw knows?


#6

Thanks for the bug report and pinging me.

I’ve reported this to our Fedora/EPEL package maintainers.


#7

The maintainer responded and is going to fix up the package. If you’re curious, there’s been some weirdness there because there was a python2-boto3 package in EPEL but RHEL added a python-boto3 package to the base repo so the python2-boto3 package had to be removed.

He asked me to forward along these instructions for working around the problem in the meantime:

The user should actually remove python2-boto3 and install python-boto3 from base

If they’re on an old version of CentOS/RHEL that doesn’t have python-boto3, then sticking with python2-boto3 should work for now, but EPEL explicitly only supports currently CentOS/RHEL, so I can’t guarantee that it will continue to work, and python2-boto3 will likely disappear at some point or be replaced with a meta package

Oh if they had python2-boto3 installed and then installed python-boto3, that could also have caused issues. One solution would be to remove python2-boto3 and then reinstall python-boto3.


#8

CentOS/RHEL/EPEL :confused: quite confusing! Can’t figure out where one could search the default RHEL repository…


#9

@bmw Thanks for this. FYI, after removing python2-boto3 and attempting to install python-boto3 instead, YUM still ends up installing the former:

---> Package python2-boto3.noarch 0:1.4.6-1.el7 will be installed

I am using most recent RHEL 7 release:

  Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)

Anyway, the naming is quite confusing and maybe it is also good idea to change all certbot packages at some point to new convention python2-certbot-* => python-certbot-*?


#10

More updates from Certbot’s EPEL package maintainer:

A fixed version will be on EPEL testing probably within 24 hours. If people want to help it hit stable, they could test it out and then give it karma here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b3795798a3.