Various errors renewing certificate on CentOS (AWS)

Hi,

I’ve recently tried to renew my certificate using the standard command:

./letsencrypt-auto --text --agree-tos --email dan@myemail.com certonly --renew-by-default --webroot --webroot-path /var/www/html/pro01.co.uk -d pro01.co.uk

and ran into the following error:

Upgrading certbot-auto 0.17.0 to 0.19.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 9, in <module>
    import zope.component
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/zope/component/__init__.py", line 16, in <module>
    from zope.interface import Interface
ImportError: No module named interface

I tried the following command:
/root/.local/share/letsencrypt/bin/pip list

…and noted that zope.interface does not appear to be installed. I then ran the following command:
sudo /root/.local/share/letsencrypt/bin/pip install zope.interface

...which says it installed successfully.

I then restarted httpd services and tried renewing the certificate again but this time got this error:
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 11, in <module>
    from acme import jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/acme/jose/__init__.py", line 37, in <module>
    from acme.jose.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/acme/jose/interfaces.py", line 9, in <module>
    from acme.jose import util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/acme/jose/util.py", line 4, in <module>
    from cryptography.hazmat.primitives.asymmetric import rsa
ImportError: No module named cryptography.hazmat.primitives.asymmetric

I also tried sudo ./letsencrypt-auto --help but received the same error.

Any suggestions?

Perhaps the cryptography library needs updating.

Should be something letsencrypt-auto (does this install the same client as certbot-auto? letsencrypt is a VERY old name for certbot…) should do on its own I’d say…

I've tried the following:
pip install cryptography

But it simply says 'Requirement already satisfied'

I've also tried updating my commands to:
./certbot-auto
...but the same error persists.

Any other ideas?

Dan,

run this to update certbot:

unset PYTHON_INSTALL_LAYOUT
/root/.local/share/letsencrypt/bin/pip install --upgrade certbot

and then this to install your certificate:

certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html/yourwebsite -d yoursite.com -d www.yoursite.com --debug

or this to renew your certificate:

certbot-auto renew --post-hook 'service nginx reload'

Hope this helps, best.

This will not install the certificate, it will only issue and retrieve it. The installation will have to be done manually.

So I ran these as two separate commands followed by the standard command I normally use to install certificates:

./letsencrypt-auto --text --agree-tos --email dan@myemail.com certonly --renew-by-default --webroot --webroot-path /var/www/html/pro01.co.uk -d pro01.co.uk

and success! Installed as normal.

Thanks for your input Romain. One last question...

What exactly did I just do?

Note: the --renew-by-default part will get you in trouble if you run the client too often, as it will always get a new certificate. It’s advised to remove such an option and put a cd /path/to/letsencrypt/; ./letsencrypt-auto renew in a daily cronjob.

Thanks Osiris. I only run that command when the cert's about to expire. I time the update alongside a three-monthly cycle of server updates. I’m assuming used in this context that would be fine?

If the certificates are already up for renewal (within 30 days of expiry), the command shouldn’t be necessary either.

Ok so just:

./letsencrypt-auto --text --agree-tos --email dan@myemail.com certonly --webroot --webroot-path /var/www/html/pro01.co.uk -d pro01.co.uk

Should do the trick if all certificates are up for renewal.
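
A check that pairs with the renewal advice in this thread, as an added example (not from any poster or from the certbot project): it reports which certificates are inside the 30-day renewal window, so a renewal job broken by a failed client upgrade is noticed before expiry. The function names are hypothetical, and it assumes GNU date, openssl and certbot's default /etc/letsencrypt/live layout.

```shell
#!/bin/sh
# Added example: report certbot certificates that are inside the renewal window.
# Assumptions: GNU date, openssl, and certbot's default /etc/letsencrypt/live layout.
RENEW_DAYS=30   # the 30-day renewal window mentioned in the thread

# cert_status "<notAfter string>" <now_epoch> -> prints OK, DUE, EXPIRED or UNREADABLE
cert_status() {
    # GNU date parses an empty string as "today 00:00", so reject it explicitly.
    [ -n "$1" ] || { echo UNREADABLE; return 0; }
    expiry=$(date -u -d "$1" +%s 2>/dev/null) || { echo UNREADABLE; return 0; }
    remaining=$(( expiry - $2 ))
    if [ "$remaining" -le 0 ]; then
        echo EXPIRED
    elif [ "$remaining" -le $(( RENEW_DAYS * 86400 )) ]; then
        echo DUE
    else
        echo OK
    fi
}

# not_after <cert.pem> -> the notAfter value as printed by openssl, empty on failure
not_after() {
    openssl x509 -noout -enddate -in "$1" 2>/dev/null | cut -d= -f2
}

# check_live_dir <dir> [now_epoch] -> one line per certificate; returns 1 unless all are OK
check_live_dir() {
    now=${2:-$(date -u +%s)}
    rc=0
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        end=$(not_after "$cert")
        status=$(cert_status "$end" "$now")
        echo "$status $(basename "$(dirname "$cert")") notAfter=$end"
        [ "$status" = OK ] || rc=1
    done
    return "$rc"
}

# Run only when a directory is given, e.g.: sh check_certs.sh /etc/letsencrypt/live
if [ "$#" -gt 0 ]; then
    check_live_dir "$1"
fi
```

A certificate that stays DUE across several daily runs means the scheduled renewal is not succeeding and the client's output should be inspected.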
