I installed "Let's Encrypt" and tried to add a certificate.
First I got an error that said something like "need pyOpenSSL >= 0.14".
For this I found a solution on the net:
1. rpm -e --nodeps pyOpenSSL certbot
2. yum install openssl-devel python-augeas
3. pip-3 install certbot
4. pip-3 install certbot-apache
Now I get a different error:
sudo: no tty present and no askpass program specified
I am at a loss here. I can't find a solution and I don't know where to give the correct sudo permissions...
Can anyone enlighten me?
Or was the solution for the first error wrong?
ClearOS release 7.8.1 (Final), fully updated
Responses (11)
-
Accepted Answer
I use the same domain internally and externally as my set up is quite old. I probably wouldn't do that again. The recommendation from Microsoft with Active Directory Domain Controller is to use a subdomain of your external domain on your LAN. You should not use the common .local and .lan as they are both reserved (.local for avahi/bonjour services for Apples) but it generally isn't a problem.
With your current setup you can add a DNS entry for your ClearOS LAN IP and map it to your_clearos_server.example.ch so your certificate will still work. Same for mail services and so on. -
Accepted Answer
It is working now...I reinstalled the server! Not by choice, but that is a different story.
Let's Encrypt works. But I have a different problem now. I always used example.local for my internal name
resolution and example.ch for external. In this special case I access the server with both nominations. That
was no problem as long as I used my own certificates. Now I want to use Let's Encrypt but it won't create certificates
for a .local domain.
That's not really a problem. I still can use my own certificates for internal purposes (or don't encrypt at all).
My question is: Have I been doing this the wrong way for the last 20 years? Is there a better way than .local and .ch?
Maybe you can provide me with a tip or a guide to do this right.
Thanks a lot for your help -
Accepted Answer
The problem is that pip could have overwritten files installed by yum. I don't know how to walk a yum dependency tree to see what packages may need reinstalling. I've tried googling and it seems impossible to find a yum/rpm dependency tree. The big one seems to be python2-certbot, but I can only see one level:
[root@server ~]# rpm -q --requires python2-certbot
/usr/bin/python2
python(abi) = 2.7
python-configobj
python-parsedatetime >= 1.3
python-setuptools
python-zope-component
python-zope-interface
python2-acme >= 1.6.0
python2-configargparse >= 0.9.3
python2-cryptography >= 1.2.3
python2-distro >= 1.0.1
python2-josepy >= 1.1.0
python2-mock
python2-pyrfc3339
pytz
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PartialHardlinkSets) <= 4.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1
[root@server ~]# yum deplist python2-certbot -q
package: python2-certbot.noarch 1.9.0-1.el7
dependency: /usr/bin/python2
provider: python.x86_64 2.7.5-88.el7
dependency: python(abi) = 2.7
provider: python.x86_64 2.7.5-88.el7
dependency: python-configobj
provider: python-configobj.noarch 4.7.2-7.el7
dependency: python-parsedatetime >= 1.3
provider: python2-parsedatetime.noarch 2.4-6.el7
dependency: python-setuptools
provider: python-setuptools.noarch 0.9.8-7.el7
dependency: python-zope-component
provider: python-zope-component.noarch 1:4.1.0-5.el7
dependency: python-zope-interface
provider: python-zope-interface.x86_64 4.0.5-4.el7
dependency: python2-acme >= 1.6.0
provider: python2-acme.noarch 1.9.0-1.el7
dependency: python2-configargparse >= 0.9.3
provider: python2-configargparse.noarch 0.11.0-2.el7
dependency: python2-cryptography >= 1.2.3
provider: python2-cryptography.x86_64 1.7.2-2.el7
dependency: python2-distro >= 1.0.1
provider: python2-distro.noarch 1.2.0-3.el7
dependency: python2-josepy >= 1.1.0
provider: python2-josepy.noarch 1.3.0-2.el7
dependency: python2-mock
provider: python2-mock.noarch 1.0.1-10.el7
dependency: python2-pyrfc3339
provider: python2-pyrfc3339.noarch 1.1-3.el7
dependency: pytz
provider: pytz.noarch 2016.10-2.el7
-
Accepted Answer
Fubar
I found a system with a working installation of Let's Encrypt.
I checked the yum python and pip packages and made sure both are the same.
yum list installed "python-*" | sort
yum list installed "python2*" | sort
yum list installed "python3*" | sort
give now the same results.
And I checked
pip3 list | sort
on both systems and made sure all packages match and that they were installed by yum.
ls -1d /usr/lib/python3.6/site-packages/*egg-info | xargs rpm -qf
ls -1d /usr/lib/python2.7/site-packages/*egg-info | xargs rpm -qf
No result
certbot still gives me a "pkg_resources.DistributionNotFound: urllib3>=1.21.1,<1.25"
Any idea what else I could check?
I think I have to reinstall the server to get out of this mess.
Never ever will I mix yum and pip again -
Accepted Answer
I only have a urllib3-1.10.2-py2.7.egg-info. Remember your "pip installs" may have dragged in other dependencies with pip. You may need to hunt them down, remove them then reinstall the correct package with yum. I have no problem creating new certificates.
[edit]
Or if you've used pip before, that may also have caused the damage.
[/edit] -
Accepted Answer
I found out that File
"/usr/lib/python2.7/site-packages/urllib3-1.24.1-py2.7.egg/urllib3/contrib/pyopenssl.py"
doesn't belong to any package installed. So I deleted the thing.
rm -rf /usr/lib/python2.7/site-packages/urllib3-1.24.1-py2.7.egg
Now I get this Error:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 3011, in <module>
    parse_requirements(__requires__), Environment()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 626, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: urllib3>=1.21.1,<1.25
rpm -qa python-urllib3
python-urllib3-1.10.2-7.el7.noarch
I don't remember messing things up. :|
I normally just use Webconfig to install/remove things. And maybe some configurations for samba on the commandline..... -
Accepted Answer
Thanks a lot for the clarification. After the first error, I just followed an instruction I found
to replace pyOpenSSL yum version with pip...
I uninstalled the pip things and reinstalled the yum versions:
pip-3 uninstall certbot-apache
pip-3 uninstall certbot
yum remove python-augeas
yum install certbot pyOpenSSL
installed certbot-1.9.0-1.el7.noarch
installed pyOpenSSL-0.13.1-4.el7.x86_64
Now I have the original error message again:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.9.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 20, in <module>
    from certbot._internal import account
  File "/usr/lib/python2.7/site-packages/certbot/_internal/account.py", line 18, in <module>
    from acme.client import ClientBase # pylint: disable=unused-import
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 39, in <module>
    requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
  File "/usr/lib/python2.7/site-packages/urllib3-1.24.1-py2.7.egg/urllib3/contrib/pyopenssl.py", line 118, in inject_into_urllib3
    _validate_dependencies_met()
  File "/usr/lib/python2.7/site-packages/urllib3-1.24.1-py2.7.egg/urllib3/contrib/pyopenssl.py", line 153, in _validate_dependencies_met
    raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
Maybe something else is missing? -
Accepted Answer
As you've gone down the pip route I can't really help now as you have a mixture of sources from yum and pip. You now probably have certbot from both yum and pip, and there should be no need for certbot-apache. My Let's Encrypt works with pyOpenSSL-0.13.1-4.el7 so I really don't know what mess you're in. Although I have python-augeas installed, I don't know why as "repoquery -q --installed --whatrequires python-augeas" returns nothing and removing it removes nothing else. It is probably an old dependency.
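Added example, not part of the thread and not ClearOS tooling: a broader form of the `ls -1d …egg-info | xargs rpm -qf` ownership check posted above. It also covers `.egg` and `.dist-info` entries and flags an unowned copy that sits beside an RPM-owned copy of the same project, as the `urllib3-1.24.1-py2.7.egg` directory did. The function names `is_owned`, `dist_name`, `shadows_rpm` and `unowned_dists` are hypothetical; the only external call is `rpm -qf`.

```sh
#!/bin/sh
# Added example: list Python distributions in a site-packages directory
# that no installed RPM owns (typical pip / easy_install leftovers).

# is_owned PATH: succeeds when an installed RPM owns PATH.
# `rpm -qf` exits non-zero for a path that belongs to no package.
is_owned() {
    rpm -qf "$1" >/dev/null 2>&1
}

# dist_name ENTRY: project name taken from a metadata entry name,
# e.g. urllib3-1.24.1-py2.7.egg -> urllib3
dist_name() {
    basename "$1" | sed -e 's/\.egg-info$//' -e 's/\.dist-info$//' \
                        -e 's/\.egg$//' -e 's/-[0-9].*$//'
}

# shadows_rpm DIR NAME: succeeds when DIR also holds an RPM-owned
# entry for NAME, so the unowned copy competes with the packaged one.
shadows_rpm() {
    for other in "$1/$2"-[0-9]*; do
        [ -e "$other" ] && is_owned "$other" && return 0
    done
    return 1
}

# unowned_dists DIR: prints "name<TAB>status<TAB>path" per unowned entry,
# where status is "shadows-rpm" or "unowned".
unowned_dists() {
    for entry in "$1"/*.egg "$1"/*.egg-info "$1"/*.dist-info; do
        [ -e "$entry" ] || continue        # pattern matched nothing
        is_owned "$entry" && continue      # installed by yum/rpm
        name=$(dist_name "$entry")
        if shadows_rpm "$1" "$name"; then status=shadows-rpm; else status=unowned; fi
        printf '%s\t%s\t%s\n' "$name" "$status" "$entry"
    done
}

# Scan every directory given on the command line, for example:
#   sh unowned_dists.sh /usr/lib/python2.7/site-packages /usr/lib64/python2.7/site-packages
for dir in "$@"; do
    unowned_dists "$dir"
done
```

Entries reported as `shadows-rpm` are the ones to remove before reinstalling the matching package with yum; the script only reports and deletes nothing.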