Version Conflict / Automatic Renewal Help

Aidan · July 9, 2018, 6:34pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: allegsa.com

I ran this command: sudo certbot --nginx -d allegsa.com -d www.allegsa.com

It produced this output: An unexpected error occurred:
VersionConflict: (certbot 0.25.1 (/usr/lib/python2.7/site-packages), Requirement.parse(‘certbot==0.20.0’))
Please see the logfile ‘/tmp/tmp5oiGUH’ for more details.

/tmp/tmp5oiGUH contents:
2018-07-09 14:09:00,499:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.25.1’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1297, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File “/usr/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 201, in find_all
plugin_ep = PluginEntryPoint(entry_point)
File “/usr/lib/python2.7/site-packages/certbot/plugins/disco.py”, line 47, in init
self.plugin_cls = entry_point.load()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2259, in load
if require: self.require(env, installer)
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2272, in require
working_set.resolve(self.dist.requires(self.extras),env,installer)))
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 630, in resolve
raise VersionConflict(dist,req) # XXX put more info here
VersionConflict: (certbot 0.25.1 (/usr/lib/python2.7/site-packages), Requirement.parse(‘certbot==0.20.0’))
2018-07-09 14:09:00,499:ERROR:certbot.log:An unexpected error occurred:

My web server is (include version): nginx/1.12.2

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: Zelon

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I also need help figuring out to auto-renew, it never seems to work no matter how much I try.

mnordhoff · July 9, 2018, 11:34pm

Either the Certbot installation is damaged, and contains files from different versions, or there are multiple Cerbot installations using different versions, and they’re trying to use each other’s files…

/usr/bin/certbot probably works.

If you run something like “find / -name 'certbot*' 2>/dev/null”, what does it find?

Do you know how this happened?

I don’t know how or where things are normally installed on CentOS.

Aidan · July 9, 2018, 11:50pm

/usr/bin/certbot doesn't work, and it says

/etc/sysconfig/certbot
/opt/eff.org/certbot
/opt/eff.org/certbot/venv/certbot-auto-bootstrap-version.txt
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot-0.21.1.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache-0.21.1.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx-0.24.0.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx-0.21.1.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_nginx
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot-0.24.0.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache-0.24.0.dist-info
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/tests/testdata/debian_apache_2_4/multiple_vhosts/apache2/sites-available/certbot.conf
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot_apache/tests/testdata/debian_apache_2_4/multiple_vhosts/apache2/sites-enabled/certbot.conf
/opt/eff.org/certbot/venv/bin/certbot
/usr/share/licenses/certbot-0.25.1
/usr/share/licenses/certbot-0.20.0
/usr/share/licenses/certbot-0.19.0
/usr/share/doc/certbot-0.25.1
/usr/share/doc/certbot-0.20.0
/usr/share/doc/certbot-0.19.0
/usr/lib/systemd/system/certbot-renew.timer
/usr/lib/systemd/system/certbot-renew.service
/usr/lib/python2.7/site-packages/certbot-0.20.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot
/usr/lib/python2.7/site-packages/certbot_nginx
/usr/lib/python2.7/site-packages/certbot_nginx-0.20.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot_nginx-0.25.1-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot-0.19.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot_nginx-0.19.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/certbot-0.25.1-py2.7.egg-info
/usr/bin/certbot
/usr/bin/certbot-2

BTW ALLEGSA.COM is running a temp cert

Patches · July 10, 2018, 11:47pm

Looks like you have some duplicate packages. This can happen if a yum operation (install, remove, upgrade, etc.) is interrupted for some reason, such as power loss.

You can check if this is the problem by running:

sudo package-cleanup --dupes

On some minimal/cloud systems, the package-cleanup utility isn't installed by default and you may have to yum install yum-utils to use it.

If that lists packages that are duplicates, you can remove them all from the RPM database with:

sudo package-cleanup --cleandupes

This will fix up the RPM database so yum doesn't get further confused, but it won't actually fix certbot (or remove any stray files the duplicate packages may have left on your computer). To repair certbot, you will need to reinstall it once you have fixed the duplicates:

sudo yum reinstall python2-certbot

Other packages may have been broken by the event that caused the duplicates. You may want to save the output of the first command and reinstall any other packages it lists if you have problems with them.

Aidan · July 11, 2018, 5:12am

I figured that out but can't figure out auto renew

Aidan · July 11, 2018, 5:12am

Attempting to renew cert (enderskies.com-0001) from /etc/letsencrypt/renewal/enderskies.com-0001.conf produced an unexpected error: Failed authorization procedure. www.enderskies.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, enderskies.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused. Skipp

mnordhoff · July 11, 2018, 5:43am

Is that really your domain?

http://www.enderskies.com/

It was registered May 28 and redirects to a “this domain is for sale!” marketing page.

The web server – an Amazon load balancer – doesn’t support HTTPS. Connecting to port 443 gives a “connection refused” error.

Aidan · July 11, 2018, 5:55am

That’s an old domain that I didn’t renew sorry, let me give a different example

Aidan · July 11, 2018, 5:55am

It’s working now, sorry for my mistake wrong thing

Aidan · July 11, 2018, 5:56am

What about auto-renew w/ crontab?

mnordhoff · July 11, 2018, 6:14am

There was a certbot timer installed. Check “systemctl list-timers” (or the CentOS equivalent, if it’s different) to make sure it’s still installed and running.

You can also wait until tomorrow-ish and use journalctl or read /var/log/letsencrypt/letsencrypt.log to make sure it’s working.

system · August 10, 2018, 6:14am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.