We've been using letsencrypt/certbot for a while now but recently i've upgraded our server to a newer AMI and tried installing certbot again. it seems to be throwing the errors below. I have tried installing snap and after running this command: sudo snap install --classic certbot
it spits out this error which I cannot find a solution for:
error: system does not fully support snapd: cannot mount squashfs image using
"squashfs": mount: unknown filesystem type 'squashfs'
Any assistance would be greatly appreciated. Let me know if you need further info.
My domain is: *.devbankamp.com.au
I ran this command: ./certbot-auto
It produced this output:
Skipping bootstrap because certbot-auto is deprecated on this system.
./certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Please visit https://certbot.eff.org/ to check for other alternatives.
My web server is (include version):
The operating system my web server runs on is (include version): Red Hat Enterprise Linux Server release 7.9 (Maipo)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): n/a
If your kernel doesn't have
squashfs enabled, you might still be able to install Certbot from EPEL. It has a reasonable up-to-date version of Certbot.
Install EPEL for Red Hat 7.
python2-certbot-apache or whatever you need.
Was able to install EPEL
and do a yum install certbot
Currently getting this error. the current version of pyOpenSSL is 0.13.1 and it won't upgrade further.
Any suggestions on how to bypass this?
[root@ip-10-162-30-243 opt]# certbot
Traceback (most recent call last):
File "/bin/certbot", line 9, in
load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 572, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 2769, in load_entry_point
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 2422, in load
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 2428, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 2, in
from certbot._internal import main as internal_main
File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 21, in
from certbot._internal import account
File "/usr/lib/python2.7/site-packages/certbot/_internal/account.py", line 17, in
from acme.client import ClientBase # pylint: disable=unused-import
File "/usr/lib/python2.7/site-packages/acme/client.py", line 39, in
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
File "/root/.local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 122, in inject_into_urllib3
File "/root/.local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 164, in _validate_dependencies_met
"'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
Ah I think that's because of the user site-packages Python packages installed via your
That creates a version conlict. That's unfortunate.
The whole point in snaps is to avoid this kind of issue but it seems you have some custom kernel image without a required feature.
I suspect that if you run Certbot like this it will work:
PYTHONNOUSERSITE=false certbot --version
Of course, that's only a half-measure and not really a full solution.
I'm not sure what the best solution for you is, honestly. I'd probably get rid of the
root user's site-packages ... but I'm not sure why you have them to begin with, so I wouldn't advise you to blindly follow that advice.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.