Unable to install in RHEL 7.7 on EC2

My domain is: MANY (100 per server)

I ran this command:
As instructed, I ran this command below as per the RHEL 7 certbot instructions.
The issue seems to be that the python-zope-interface is no longer in the "optional" repos for RHEL. I have gathered that there may be a subscriber-only repo that contains this zope-interface package, but that doesn't work for EC2 users who have Amazon's RHEL OS, and have no direct subscription to RHEL.

yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
yum install certbot python2-certbot-apache

It produced this output:
Loaded plugins: amazon-id, search-disabled-repos
Resolving Dependencies
--> Running transaction check
---> Package certbot.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: python2-certbot = 1.0.0-1.el7 for package: certbot-1.0.0-1.el7.noarch
---> Package python2-certbot-apache.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: python2-acme >= 0.29.0 for package: python2-certbot-apache-1.0.0-1.el7.noarch
--> Processing Dependency: pytest for package: python2-certbot-apache-1.0.0-1.el7.noarch
--> Processing Dependency: python-augeas for package: python2-certbot-apache-1.0.0-1.el7.noarch
--> Running transaction check
---> Package python-augeas.noarch 0:0.5.0-2.el7 will be installed
--> Processing Dependency: augeas-libs for package: python-augeas-0.5.0-2.el7.noarch
---> Package python2-acme.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: python2-josepy >= 1.1.0 for package: python2-acme-1.0.0-1.el7.noarch
--> Processing Dependency: python-ndg_httpsclient for package: python2-acme-1.0.0-1.el7.noarch
--> Processing Dependency: python-requests-toolbelt for package: python2-acme-1.0.0-1.el7.noarch
--> Processing Dependency: python2-cryptography for package: python2-acme-1.0.0-1.el7.noarch
--> Processing Dependency: python2-pyasn1 for package: python2-acme-1.0.0-1.el7.noarch
--> Processing Dependency: python2-pyrfc3339 for package: python2-acme-1.0.0-1.el7.noarch
--> Processing Dependency: python2-six for package: python2-acme-1.0.0-1.el7.noarch
--> Processing Dependency: pytz for package: python2-acme-1.0.0-1.el7.noarch
---> Package python2-certbot.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: python-parsedatetime for package: python2-certbot-1.0.0-1.el7.noarch
--> Processing Dependency: python-zope-component for package: python2-certbot-1.0.0-1.el7.noarch
--> Processing Dependency: python-zope-interface for package: python2-certbot-1.0.0-1.el7.noarch
--> Processing Dependency: python2-configargparse for package: python2-certbot-1.0.0-1.el7.noarch
--> Processing Dependency: python2-distro for package: python2-certbot-1.0.0-1.el7.noarch
--> Processing Dependency: python2-future for package: python2-certbot-1.0.0-1.el7.noarch
--> Processing Dependency: python2-mock for package: python2-certbot-1.0.0-1.el7.noarch
---> Package python2-certbot-apache.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: pytest for package: python2-certbot-apache-1.0.0-1.el7.noarch
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.4.0-9.el7 will be installed
---> Package python-ndg_httpsclient.noarch 0:0.3.2-1.el7 will be installed
---> Package python-requests-toolbelt.noarch 0:0.8.0-1.el7 will be installed
---> Package python-zope-component.noarch 1:4.1.0-5.el7 will be installed
--> Processing Dependency: python-zope-event for package: 1:python-zope-component-4.1.0-5.el7.noarch
--> Processing Dependency: python-zope-interface for package: 1:python-zope-component-4.1.0-5.el7.noarch
---> Package python2-certbot.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: python-zope-interface for package: python2-certbot-1.0.0-1.el7.noarch
---> Package python2-certbot-apache.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: pytest for package: python2-certbot-apache-1.0.0-1.el7.noarch
---> Package python2-configargparse.noarch 0:0.11.0-1.el7 will be installed
---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64
---> Package python2-distro.noarch 0:1.2.0-3.el7 will be installed
---> Package python2-future.noarch 0:0.18.2-2.el7 will be installed
---> Package python2-josepy.noarch 0:1.2.0-1.el7 will be installed
---> Package python2-mock.noarch 0:1.0.1-10.el7 will be installed
---> Package python2-parsedatetime.noarch 0:2.4-5.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
---> Package python2-pyrfc3339.noarch 0:1.0-2.el7 will be installed
---> Package python2-six.noarch 0:1.9.0-0.el7 will be installed
---> Package pytz.noarch 0:2016.10-2.el7 will be installed
--> Running transaction check
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
---> Package python-zope-component.noarch 1:4.1.0-5.el7 will be installed
--> Processing Dependency: python-zope-interface for package: 1:python-zope-component-4.1.0-5.el7.noarch
---> Package python-zope-event.noarch 0:4.0.3-2.el7 will be installed
---> Package python2-certbot.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: python-zope-interface for package: python2-certbot-1.0.0-1.el7.noarch
---> Package python2-certbot-apache.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: pytest for package: python2-certbot-apache-1.0.0-1.el7.noarch
--> Running transaction check
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch
---> Package python-zope-component.noarch 1:4.1.0-5.el7 will be installed
--> Processing Dependency: python-zope-interface for package: 1:python-zope-component-4.1.0-5.el7.noarch
---> Package python2-certbot.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: python-zope-interface for package: python2-certbot-1.0.0-1.el7.noarch
---> Package python2-certbot-apache.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: pytest for package: python2-certbot-apache-1.0.0-1.el7.noarch
--> Running transaction check
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
---> Package python-zope-component.noarch 1:4.1.0-5.el7 will be installed
--> Processing Dependency: python-zope-interface for package: 1:python-zope-component-4.1.0-5.el7.noarch
---> Package python2-certbot.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: python-zope-interface for package: python2-certbot-1.0.0-1.el7.noarch
---> Package python2-certbot-apache.noarch 0:1.0.0-1.el7 will be installed
--> Processing Dependency: pytest for package: python2-certbot-apache-1.0.0-1.el7.noarch
--> Finished Dependency Resolution
Error: Package: python2-certbot-apache-1.0.0-1.el7.noarch (epel)
Requires: pytest
Error: Package: python2-certbot-1.0.0-1.el7.noarch (epel)
Requires: python-zope-interface
Error: Package: 1:python-zope-component-4.1.0-5.el7.noarch (epel)
Requires: python-zope-interface
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

My web server is (include version): EC2

The operating system my web server runs on is (include version): RHEL 7.7

My hosting provider, if applicable, is: EC2

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Cannot install

Hi,

Please take a look at this GitHub issue, and see if the solution there can fix your issue.

Thank you

Hi Stevenzhu, Thanks for your reply.
In that thread you recommended, see the comments starting June 15th, 2018.
As noted, starting with RHEL 7.5, the packages needed are no longer in the "optional" repo. They are in RHEL cloud-subscription-only repos, which aren't available to EC2 RHEL users without external, RedHat Premium subscriptions.

In rhel 7.5, certbot can be installed by:
yum install certbot python-zope-interface --enablerepo="rhel-7-server-rpms" --enablerepo="rhel-7-server-e4s-optional-rpms" --enablerepo=epel

This means that certbot for RHEL 7.5+ is only available to premium RHEL subscribers. (See the last comment in November 2019 from a user who is not a premium RHEL Cloud subscriber.)

Hi,

I just tested this on a AMI in EC2, and i can confirm that i'm able to use / install certbot without registering the machine.

AMI:

RPMs you'll need to enable:
rhui-rhel-7-server-rhui-optional-rpms, rhui-rhel-7-server-rhui-rpms, rhui-rhel-7-server-rhui-extras-rpms, rhui-rhel-7-server-rhui-rh-common-rpms and epel for RHEL7.

Please enable the package I mentioned above and try again.

I also can't find the comment claiming that those package aren't available to EC2 machines. (Or free subscription with EC2)

P.S. Since you are using RHEL 7 RHUI with AWS EC2, you don't necessarily need to register this machine to use those repo. (I'm not responsible for this P.S.)

Thank you

Yes, in RedHat 7.0 AMI, this works fine. Our servers are running AMIs from 7.0 to 7.4 without issues installing certbot using ansible.

We just deployed a new instance on RHEL 7.7. Starting from RHEL 7.5 the installation deviates from the certbot instructions for RedHat 7. In 7.7, it seems impossible to do via yum without the premium subscription to RedHat.

You’ll notice that the comments on the thread you referenced show the deviation starting in 7.5. The final comment has the same issue I do, where there are no repos/packages of these names available without the premium subscription.

$ yum-config-manager --enable rhui-rhel-7-server-rhui-optional-rpms rhui-rhel-7-server-rhui-rpms rhui-rhel-7-server-rhui-extras-rpms rhui-rhel-7-server-rhui-rh-common-rpms
$ yum install python-zope-interface
No package python-zope-interface available.
Error: Nothing to do

If you do a google search for python-zope-interface, you get results for certbot errors in RHEL.

Thanks again for your time spent on this.

I believe the AMI I deployed is actually RHEL 7.7.
The AMI I used: AWS Marketplace: Red Hat Enterprise Linux (RHEL) 7 (HVM) (It's indeed v7.7)

A basic proof: If you don't have any subscription (or any association with RHEL, like RHUI) in your machine, you won't be able to use rhui-rhel-7-server repo.

What i did (on a fresh installed machine):

# Always update first
sudo yum -y update

# Enable repos from RHEL/RHUI (This only apply to EC2)
sudo yum-config-manager --enable rhel-7-server-rhui-extras-rpms rhel-7-server-rhui-optional-rpms

# Note:
# If there's no response to the above command, go to /etc/yum.repos.d/redhat-rhui.repo
# Check what's the exact name of your Extra and Optional Repos.

# Download EPEL
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

# Find the package
sudo yum list python-zope-interface
Loaded plugins: amazon-id, search-disabled-repos
Available Packages
python-zope-interface.x86_64                               4.0.5-4.el7                               rhel-7-server-rhui-optional-rpms

# System version
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.7 (Maipo)

This is actually not the case. You can look up the fact of "RHUI", which is provided for"Certified Cloud Provider".
The issue that delayed your time is I didn't write the correct repository name... which... I apologize.

After the steps I did above, you should be able to find/install certbot successfully.

In case you still can't get the package installed in your machine, (still repository not found or not able to enable those repo) please raise this to AWS support and i guess they'll need to have a talk to Redhat.

Thank you

Thank you @stevenzhu.
Now that I know it is possible, I will try these steps on my AMI, and see why it’s not working for me.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.