Version Conflict / Automatic Renewal Help


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: allegsa.com

I ran this command: sudo certbot --nginx -d allegsa.com -d www.allegsa.com

It produced this output: An unexpected error occurred:
VersionConflict: (certbot 0.25.1 (/usr/lib/python2.7/site-packages), Requirement.parse(‘certbot==0.20.0’))
Please see the logfile ‘/tmp/tmp5oiGUH’ for more details.

/tmp/tmp5oiGUH contents:
2018-07-09 14:09:00,499:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.25.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1297, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File “/usr/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 201, in find_all
plugin_ep = PluginEntryPoint(entry_point)
File “/usr/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 47, in init
self.plugin_cls = entry_point.load()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2259, in load
if require: self.require(env, installer)
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2272, in require
working_set.resolve(self.dist.requires(self.extras),env,installer)))
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 630, in resolve
raise VersionConflict(dist,req) # XXX put more info here
VersionConflict: (certbot 0.25.1 (/usr/lib/python2.7/site-packages), Requirement.parse(‘certbot==0.20.0’))
2018-07-09 14:09:00,499:ERROR:certbot.log:An unexpected error occurred:

My web server is (include version): nginx/1.12.2

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: Zelon

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I also need help figuring out to auto-renew, it never seems to work no matter how much I try.


#2

Either the Certbot installation is damaged, and contains files from different versions, or there are multiple Cerbot installations using different versions, and they’re trying to use each other’s files…

/usr/bin/certbot probably works.

If you run something like “find / -name 'certbot*' 2>/dev/null”, what does it find?

Do you know how this happened?

I don’t know how or where things are normally installed on CentOS.


#3

/usr/bin/certbot doesn’t work, and it says

/etc/sysconfig/certbot
/opt/eff.org/certbot
/opt/eff.org/certbot/venv/certbot-auto-bootstrap-version.txt
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot-0.21.1.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache-0.21.1.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx-0.24.0.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx-0.21.1.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot-0.24.0.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache-0.24.0.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/tests/testdata/debian_apache_2_4/multiple_vhosts/apache2/sites-available/certbot.conf
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/tests/testdata/debian_apache_2_4/multiple_vhosts/apache2/sites-enabled/certbot.conf
/opt/eff.org/certbot/venv/bin/certbot
/usr/share/licenses/certbot-0.25.1
/usr/share/licenses/certbot-0.20.0
/usr/share/licenses/certbot-0.19.0
/usr/share/doc/certbot-0.25.1
/usr/share/doc/certbot-0.20.0
/usr/share/doc/certbot-0.19.0
/usr/lib/systemd/system/certbot-renew.timer
/usr/lib/systemd/system/certbot-renew.service
/usr/lib/python2.7/site-packages/certbot-0.20.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot
/usr/lib/python2.7/site-packages/certbot_nginx
/usr/lib/python2.7/site-packages/certbot_nginx-0.20.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot_nginx-0.25.1-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot-0.19.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot_nginx-0.19.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot-0.25.1-py2.7.egg-info
/usr/bin/certbot
/usr/bin/certbot-2

BTW ALLEGSA.COM is running a temp cert


#4

Looks like you have some duplicate packages. This can happen if a yum operation (install, remove, upgrade, etc.) is interrupted for some reason, such as power loss.

You can check if this is the problem by running:

sudo package-cleanup --dupes

On some minimal/cloud systems, the package-cleanup utility isn’t installed by default and you may have to yum install yum-utils to use it.

If that lists packages that are duplicates, you can remove them all from the RPM database with:

sudo package-cleanup --cleandupes

This will fix up the RPM database so yum doesn’t get further confused, but it won’t actually fix certbot (or remove any stray files the duplicate packages may have left on your computer). To repair certbot, you will need to reinstall it once you have fixed the duplicates:

sudo yum reinstall python2-certbot

Other packages may have been broken by the event that caused the duplicates. You may want to save the output of the first command and reinstall any other packages it lists if you have problems with them.


#5

I figured that out but can’t figure out auto renew


#6

Attempting to renew cert (enderskies.com-0001) from /etc/letsencrypt/renewal/enderskies.com-0001.conf produced an unexpected error: Failed authorization procedure. www.enderskies.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, enderskies.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused. Skipp


#7

Is that really your domain?

http://www.enderskies.com/

It was registered May 28 and redirects to a “this domain is for sale!” marketing page.

The web server – an Amazon load balancer – doesn’t support HTTPS. Connecting to port 443 gives a “connection refused” error.


#8

That’s an old domain that I didn’t renew sorry, let me give a different example


#9

It’s working now, sorry for my mistake wrong thing


#10

What about auto-renew w/ crontab?


#11

There was a certbot timer installed. Check “systemctl list-timers” (or the CentOS equivalent, if it’s different) to make sure it’s still installed and running.

You can also wait until tomorrow-ish and use journalctl or read /var/log/letsencrypt/letsencrypt.log to make sure it’s working.