Updating old installation on CentOS

I wanted to renew some certificates.

Back when i first installed certbot, roughly 8 months ago i beleive, I had to change nothing at all, i simply had to install certbot, and it would check my folders within ngnix for configs and setup all certificates accordingly.

I have five domains on the same server, of those four are php while one is a django running, all of which are using nginx. The django works, while only two of the php-domains work. I attempted to update roughly two months ago, where the problems between them arised.

When i attempt to run: /usr/bin/certbot, I get this:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 5, in <module>
from pkg_resources import load_entry_point
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 3011, in <module>
parse_requirements(requires), Environment()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 631, in resolve
requirements.extend(dist.requires(req.extras)[::-1])
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2497, in requires
“%s has no such extra feature %r” % (self, ext)
pkg_resources.UnknownExtra: requests 2.6.0 has no such extra feature ‘security’

And when I attempt to update the requests package with command “sudo pip install --upgrade requests”, I get this:
Collecting requests
Using cached https://files.pythonhosted.org/packages/ff/17/5cbb026005115301a8fb2f9b0e3e8d32313142fe8b617070e7baad20554f/requests-2.20.1-py2.py3-none-any.whl
Requirement already satisfied, skipping upgrade: idna<2.8,>=2.5 in /usr/lib/python2.7/site-packages (from requests) (2.7)
Requirement already satisfied, skipping upgrade: chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests) (3.0.4)
Requirement already satisfied, skipping upgrade: urllib3<1.25,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests) (1.24.1)
Requirement already satisfied, skipping upgrade: certifi>=2017.4.17 in /usr/lib/python2.7/site-packages (from requests) (2018.10.15)
Installing collected packages: requests
Found existing installation: requests 2.6.0
Cannot uninstall ‘requests’. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

My next idea is to remove python entirely and install it again, but seems a bit much, especially when taking into considderation that this python came with the OS, and I assume there might be other things depending on it.

Have you seen https://github.com/certbot/certbot/issues/6396 ?

The conclusion seems to be that the issue arises from having installed Python packages from a mixture of sources - some from pip, some from yum.

Apart from cleaning up the above conflict, I could suggest a rather extreme workaround which would be to use certbot-auto instead, which isolates its dependencies within a virtualenv. So even if your system dependencies are all messed up, it should still succeed. And it will automatically pick up your existing Certbot settings.

2 Likes

I have now solved my problem with certbot-auto seems that this was what i used back 8 months ago, thanks!

1 Like

Great! Just make sure to add a daily cron task for /path/to/certbot-auto -q renew, since unlike certbot, it does not install its own.

I believe when adding /path/to/certbot-auto -q renew to crontab, --nginx should be added right? Because all web-services runs on nginx.

When you renew the certificate, certbot would use whatever method you use to obtain the original to renew it....
So if you use Nginx to obtain the certificate initially, yes, certbot would still use Nginx to renew it.

Thank you

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.