Unable to install certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

snap install --classic certbot

It produced this output:

snap install --classic certbot

error: cannot install "certbot": Post "https://api.snapcraft.io/v2/snaps/refresh": dial tcp: lookup
api.snapcraft.io on [::1]:53: read udp [::1]:57459->[::1]:53: read: connection refused

My web server is (include version):

The operating system my web server runs on is (include version): RHEL 7.9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NA

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Welcome @Mansi

That looks like your system is not resolving DNS queries. What happens with this

curl -I http://google.com 
4 Likes

==========================================
I cannot resolve google but am able to do it for my URL. This system is not internet facing.

[root@mummyspdsrv01 ~]# curl -I http://google.com
curl: (6) Could not resolve host: google.com; Unknown error

[root@mummyspdsrv01 ~]# curl -I https://mumbai.myspeed.vodafoneidea.com/
HTTP/1.1 200 OK
Date: Wed, 03 Jan 2024 04:00:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Fri, 14 Jul 2023 10:47:00 GMT
ETag: "1964-600702b200c0c"
Accept-Ranges: bytes
Content-Length: 6500
Content-Type: text/html; charset=UTF-8

You have new mail in /var/spool/mail/root

Can I install certbot from the OS repository? Would there be any difference in function?

Certbot needs to use the public internet to reach the Let's Encrypt API to request a certificate. You must have at least outbound access to use Let's Encrypt certs.

There are ways to get certs for servers running on private networks. But, LE is not one of them.

An inbound connection to your server is also often used. But, is not required. You could use a DNS Challenge. But, an outbound connection is still necessary to make the initial cert request from your system.

3 Likes

Do you own that domain name? What do you mean by "not internet facing"?

3 Likes

I do have a proxy server that enables me to get latest server patches from Redhat.
Can I use it in any way?

The Mgmt IP does not have direct internet access (from where I login to the server) but we have Natted IP enabled from firewall end that allows internet access (only for Application purpose).

But to install Certbot or further certificate generation I cannot use internet directly. We do have a proxy server in between our server and firewall (physical).

You will get an older version. It should work fine.

3 Likes

ok, let me try installing it from the OS repo.

You obviously would also need an internet connection for installing using the OS repo and beyond that, as mentioned already, also for actually using Certbot.

Note that to get a certificate, one or more challenges need to be validated, which would require either incoming access to port 80 or port 443 or control over the DNS zone of your domain name.

4 Likes

I have proxy server that helps me with the repository. I was able to install Python2 and Certbot.

# rpm -qa certbot
certbot-1.11.0-2.el7.noarch

Port 443 opened for http service.

ssl.conf:
Listen 443 https

You may also need to instruct certbot to use the proxy server to reach LE.
[not sure if/how that can/would be done]

3 Likes

Can you guide me where exactly I can add the proxy details for it to use in http?

Sorry, I don't know of any way of forcing certbot to use a proxy.

3 Likes

Python 2? :scream:

We're at Python 3 for quite some time already, Python 2 is ancient.

Not in Certbot directly, but it should use the common proxy environment variables.

3 Likes
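The proxy-variable behaviour mentioned in the post above can be checked before running Certbot. This is an added example, not part of the thread and not Certbot's code: it uses Python's standard-library handling of `http_proxy`/`https_proxy`/`no_proxy` as a stand-in for the client's behaviour, and the proxy address is a hypothetical placeholder.

```python
import os
from unittest import mock
from urllib.parse import urlsplit
from urllib.request import getproxies_environment, proxy_bypass_environment

# Let's Encrypt production ACME directory, the endpoint Certbot must reach.
ACME_DIRECTORY = "https://acme-v02.api.letsencrypt.org/directory"


def route_for(url, env):
    """Say how a client that honours the proxy variables in `env` would reach `url`."""
    parts = urlsplit(url)
    # Evaluate only the supplied variables, not the caller's real environment.
    with mock.patch.dict(os.environ, env, clear=True):
        proxies = getproxies_environment()
    # no_proxy wins over any proxy setting for matching hosts.
    if proxy_bypass_environment(parts.hostname, proxies):
        return "direct (host matches no_proxy)"
    # The variable is chosen by the URL scheme: an https:// URL needs https_proxy.
    proxy = proxies.get(parts.scheme)
    if proxy is None:
        return "direct (no %s_proxy set)" % parts.scheme
    return "via " + proxy


if __name__ == "__main__":
    proxy = "http://proxy.example.internal:3128"  # hypothetical proxy address
    cases = {
        "current shell": dict(os.environ),
        "http_proxy only": {"http_proxy": proxy},
        "https_proxy set": {"https_proxy": proxy},
        "https_proxy + broad no_proxy": {
            "https_proxy": proxy,
            "no_proxy": "localhost,.letsencrypt.org",
        },
    }
    for label, env in cases.items():
        print("%-30s -> %s" % (label, route_for(ACME_DIRECTORY, env)))
```

On a host like the one in this thread, any "direct" result means the request depends on local DNS and outbound routing, which is exactly what failed for the snap install.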

Actually certbot had a dependency to install python2...so accordingly I installed python2 on the system.

Wow... Ok...

2 Likes

Yup... Ancient!

3 Likes

I used the command to generate the certificate but I am getting the below error. The service is actually running on http and not apache. Is there a separate command for http?

# systemctl status httpd.service

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-11-07 19:33:32 IST; 1 months 26 days ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 1433 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─ 1433 /usr/sbin/httpd -DFOREGROUND
           ├─ 3976 /usr/sbin/httpd -DFOREGROUND
           ├─ 6059 /usr/sbin/httpd -DFOREGROUND
           ├─ 6073 /usr/sbin/httpd -DFOREGROUND
           ├─ 8582 /usr/sbin/httpd -DFOREGROUND
==============================

# certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested apache plugin does not appear to be installed
You have mail in /var/spool/mail/root

# cat /var/log/letsencrypt/letsencrypt.log

2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:certbot version: 1.11.0
2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:Arguments: ['--apache']
2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-01-03 19:00:40,611:DEBUG:certbot._internal.log:Root logging level set at 20
2024-01-03 19:00:40,611:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2024-01-03 19:00:40,612:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-01-03 19:00:40,612:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2024-01-03 19:00:40,612:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None
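The debug log above already contains what is needed to explain the "plugin does not appear to be installed" message: the plugins Certbot discovered and the ones the command line requested. The following is an added example, not part of the thread or of Certbot; the function name is hypothetical and the sample lines are copied from the log in the post.

```python
import re

DISCOVERED = re.compile(r"Discovered plugins: PluginsRegistry\((.*?)\)")
REQUESTED = re.compile(r"Requested authenticator (\S+) and installer (\S+)")


def missing_plugins(log_text):
    """Return (missing, discovered) for the last run recorded in a Certbot debug log."""
    discovered, requested = set(), set()
    for line in log_text.splitlines():
        match = DISCOVERED.search(line)
        if match:
            # A new run starts here; entries look like "PluginEntryPoint#webroot".
            entries = match.group(1).split(",")
            discovered = {e.split("#", 1)[1] for e in entries if "#" in e}
            requested = set()
            continue
        match = REQUESTED.search(line)
        if match:
            # "None" is logged when no authenticator or installer was requested.
            requested = {name for name in match.groups() if name != "None"}
    return sorted(requested - discovered), sorted(discovered)


# Lines copied from the log in the post above.
SAMPLE_LOG = """\
2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:Arguments: ['--apache']
2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-01-03 19:00:40,612:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-01-03 19:00:40,612:DEBUG:certbot._internal.plugins.selection:No candidate plugin
"""

if __name__ == "__main__":
    missing, available = missing_plugins(SAMPLE_LOG)
    print("requested but not installed:", ", ".join(missing) or "none")
    print("plugins this install can use:", ", ".join(available))
```

For the log in the post it reports `apache` as requested but not installed, with `manual`, `null`, `standalone` and `webroot` available.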