Unable to install certbot-nginx on Oracle Linux 7.4

I am using an Oracle Linux 7.4 server at Microsoft Azure.

To verify version:
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)

To install certbot:
$ sudo yum install certbot-nginx

Package python2-certbot.noarch 0:0.18.2-2.el7 will be installed

Error: Package: python2-certbot-0.18.2-2.el7.noarch (epel-testing)
           Requires: python-zope-interface
Error: Package: 1:python-zope-component-4.1.0-3.el7.noarch (epel)
           Requires: python-zope-interface

I am very new to Linux. I have without luck searched for a way out, only to realize that several face the same challenge. If you have a solution, then please give detailed instructions.

Thanks in advance :slight_smile:

Hi @fknoll,

If you check the doc https://certbot.eff.org/#centosrhel7-nginx and follow the link to enable EPEL repository you will see that you also need the optional repository, which as far as I know is only available to Red Hat paid subscriptions. On EC2 there is a way to enable these repos but I don’t know whether Azure has something similar, maybe you could ask Azure support if there is a way to enable epel extra and optional repositories on Oracle Linux without a paid subscription.

Anyway, you can install certbot-auto and it will install all the needed packages without complaint (I’ve tested it on Oracle Linux 7.4 right now).

As root:

cd /usr/local/sbin/
#Note: If you don't have wget installed, install it: yum install wget
wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
certbot-auto --nginx

The first time you run certbot-auto it will install a few packages.

Note: If you prefer, you can also install another client with just a few dependencies like https://acme.sh

I hope this helps.

Cheers,
sahsanu

2 Likes

Thank you so much @sahsanu!

Following your instructions I easily got certbot-auto up and running including certificate and configuration!

You deserve a loud BRAVO :slight_smile:

1 Like

@fknoll, you are welcome :wink:

I forgot to say that it is a good idea to create a cron job so your certs can be renewed automatically. I propose this solution:

As root, create a cron job:

crontab -e

And add this line at the end of the file:

41 */12 * * * /usr/local/sbin/certbot-auto renew --quiet --deploy-hook 'echo "\nI have renewed the cert located on ${RENEWED_LINEAGE} and this cert contains the following domains ${RENEWED_DOMAINS}\n\n" >&2' --post-hook "systemctl reload nginx"

And save the file.

With above cron job entry:

1.- certbot-auto will run twice a day (12:41 and 00:41).
2.- Variable ${RENEWED_LINEAGE} will point to the config live subdirectory containing the new certs and keys.
3.- Variable ${RENEWED_DOMAINS} will contain a space-delimited list of renewed cert domains.
4.- You can use --post-hook to reload/restart your services, in this example I’m reloading nginx so change it to fit your needs.

As I said, it will run twice a day but first, it will check whether any of your certs expire in less than 30 days, if the answer is no, it does nothing, if any of your certs will expire in less than 30 days, it will renew your certs, will send a mail with the domains renewed and will reload nginx.

If you want to specify a mail address to be informed then remember to add a MAILTO variable to the cronjob at the top of the file, for example:

crontab -e 
MAILTO="user@domain.tld"
41 */12 * * * /usr/local/sbin/certbot-auto renew --quiet --deploy-hook 'echo "\nI have renewed the cert located on ${RENEWED_LINEAGE} and this cert contains the following domains ${RENEWED_DOMAINS}\n\n" >&2' --post-hook "systemctl reload nginx"

If you don’t specify a MAILTO variable it will send the mail to root@machine_hostname

The mail that you will receive will have this look:

Error output from None:

I have renewed the cert located on /etc/letsencrypt/live/yourdomain.tld and this cert contains the following domains yourdomain.tld example1.yourdomain.tld example2.yourdomain.tld otherdomain.tld

Hope this helps.

Cheers,
sahsanu

1 Like
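
A companion check for the renewal cron job described above, as an added example that is not part of sahsanu's post or of certbot: it flags any certificate under /etc/letsencrypt/live that is already past the 30-day renewal point, which means the cron job is not doing its work. The function names, the LIVE_DIR override, the cert.pem file name (certbot's usual layout) and the 7-day GRACE_DAYS margin are assumptions made for this example; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: verify that automatic renewal is actually happening.
# Assumption: certbot's usual layout, <LIVE_DIR>/<name>/cert.pem.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # overridable, e.g. for testing
RENEW_WINDOW_DAYS=30  # renewal is attempted when fewer than 30 days remain
GRACE_DAYS=7          # assumed slack before the cron job is considered broken

# Return 0 if the certificate file $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# Print one line per problem certificate; return 1 if any problem was found.
check_renewals() {
    status=0
    min_days=$(( RENEW_WINDOW_DAYS - GRACE_DAYS ))
    for cert in "$LIVE_DIR"/*/cert.pem; do
        [ -e "$cert" ] || continue   # the glob matched nothing
        if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
            echo "UNREADABLE $cert"
            status=1
        elif ! cert_valid_for_days "$cert" 0; then
            echo "EXPIRED $cert"
            status=1
        elif ! cert_valid_for_days "$cert" "$min_days"; then
            # Renewal should have replaced this certificate days ago.
            echo "OVERDUE $cert (fewer than $min_days days left)"
            status=1
        fi
    done
    return "$status"
}

# Run the check only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_renewals >&2   # stderr output is what cron mails to MAILTO
fi
```

Saved under a name of your choice and run daily from cron with the --run argument, it stays silent while renewals work and produces a mail only when a certificate is overdue, expired or unreadable.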

Hi @sahsanu

Once again, I just followed your precise instructions … a new “cron job for automatic renewal of certificates” is now in place.

Thanks … and yet another loud BRAVO :slight_smile:

Regards,
fknoll

1 Like
