Renew problem on AWS instance

Hi there! I have a problem with the renewal of my domain.

My domain is: mandarinstream.com

I ran this command: ../certbot-auto certonly --force-renew -d mandarinstream.com

It produced this output:
Requesting to rerun ./certbot-auto with root privileges...
Upgrading certbot-auto 1.6.0 to 1.8.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography

My web server is (include version): I think it was a temp Apache in an AWS instance.

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
the conf file:

renew_before_expiry = 30 days

version = 1.6.0
archive_dir = /etc/letsencrypt/archive/mandarinstream.com
cert = /etc/letsencrypt/live/mandarinstream.com/cert.pem
privkey = /etc/letsencrypt/live/mandarinstream.com/privkey.pem
chain = /etc/letsencrypt/live/mandarinstream.com/chain.pem
fullchain = /etc/letsencrypt/live/mandarinstream.com/fullchain.pem

Options used in the renewal process

[renewalparams]
authenticator = standalone
account = 0ac7a724c38cf7a62a6508ed5cd5b97e
server = https://acme-v02.api.letsencrypt.org/directory

Q1: Why are you using?:

Q2: Is your system up-to-date (specifically Python)?

Quick Recon:
Failed to connect to mandarinstream.com port 80: Connection refused

PORT STATE SERVICE
80/tcp closed http
443/tcp closed https

ImportError: No module named cryptography

@Rip

Hi Rip, thanks guys, 80 and 443 are open by far

Slow Recon...
Try using this instead (before your cert expires on 2020.10.06) of --force-renew:
--no-self-upgrade

[as your problem seems to be in the upgrade from 1.6.0 to 1.8.0]

So... this is bad?
Should I change it?

Yes, you should almost never need to force anything to happen.

Thanks, man! No luck anyway.

./certbot-auto certonly --no-self-upgrade
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography

Ouch!

OK, what about?:
sudo apt update
sudo apt upgrade

[I got more sleeves filled with tricks if that doesn't fix this]


Sorry man, this is an AWS Linux instance; it said this:

"sudo: apt: command not found"

AWS !
OK that uses yum.
yum update

OR first
yum check-update

This updates Python and more things on the AWS instance, but Certbot is still on 1.6.0.

--force-renew ? ? ?
Didn't we talk about that?

I refer you to my first post:

same thing

[root@ip-172-31-37-118 tools]# ./certbot-auto certonly --no-self-upgrade mandarinstream.com
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography

Certbot-auto can easily be "upgraded".
Just delete it.
Then download the latest version.

Yes man, updated right now.

Did that show anything?

just this:
[root@ip-172-31-37-118 tools]# yum check-update
Failed to set locale, defaulting to C
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main | 2.1 kB 00:00:00
amzn-updates | 3.8 kB 00:00:00
Security: kernel-4.14.193-113.317.amzn1.x86_64 is an installed security update
Security: kernel-4.14.181-108.257.amzn1.x86_64 is the currently running version