AWS – Install Certbot Nginx on Amazon Linux AMI

amazon ec2amazon-linuxcertbot

i have a really old amazon linux ami in which i need to install certbot for my nginx which is running a php website. Now i need to install ssl on this website. But i cannot install certbot-nginx on my server. whenever i try to install

sudo yum install python2-certbot-nginx.noarch

it shows me some dependency error. Like this at the end

--> Processing Dependency: python-requests >= 2.6.0 for package: python2-requests-2.6.0-0.el7.noarch
---> Package python2-six.noarch 0:1.9.0-0.el7 will be installed
--> Processing Dependency: python-six >= 1.9.0 for package: python2-six-1.9.0-0.el7.noarch
---> Package setools-libs.x86_64 0:3.3.7-34.23.amzn1 will be installed
--> Finished Dependency Resolution
Error: Package: python2-requests-2.6.0-0.el7.noarch (epel)
           Requires: python-requests >= 2.6.0
           Installed: python26-requests-1.2.3-5.10.amzn1.noarch (@amzn-main)
               python-requests = 1.2.3-5.10.amzn1
Error: Package: python2-acme-1.11.0-1.el7.noarch (epel)
           Requires: python2-cryptography
Error: Package: python2-acme-1.11.0-1.el7.noarch (epel)
           Requires: pyOpenSSL >= 0.13.1
           Installing: python26-pyOpenSSL-0.10-2.8.amzn1.x86_64 (amzn-main)
               pyOpenSSL = 0.10-2.8.amzn1
Error: Package: python2-acme-1.11.0-1.el7.noarch (epel)
           Requires: python2-pyasn1
Error: Package: certbot-1.11.0-1.el7.noarch (epel)
           Requires: systemd
Error: Package: python2-six-1.9.0-0.el7.noarch (epel)
           Requires: python-six >= 1.9.0
           Installed: python26-six-1.8.0-1.23.amzn1.noarch (@amzn-main)
               python-six = 1.8.0-1.23.amzn1
Error: Package: python2-josepy-1.3.0-2.el7.noarch (epel)
           Requires: python2-setuptools
Error: Package: python2-josepy-1.3.0-2.el7.noarch (epel)
           Requires: python2-cryptography
Error: Package: python2-certbot-1.11.0-1.el7.noarch (epel)
           Requires: python2-cryptography >= 1.2.3
Error: Package: python2-acme-1.11.0-1.el7.noarch (epel)
           Requires: pyOpenSSL >= 0.13.1
           Available: python26-pyOpenSSL-0.10-2.8.amzn1.x86_64 (amzn-main)
               pyOpenSSL = 0.10-2.8.amzn1
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

i have tried installing yum-utils and package-cleanup --leaves but still the following error shows up. Can anyone tell me how to prevent this issue? thanks.
btw my servers os-release

NAME="Amazon Linux AMI"
VERSION="2018.03"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2018.03"
PRETTY_NAME="Amazon Linux AMI 2018.03"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2018.03:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"

Can anyone help me with this? I think if I could remove all these dependencies issues than I could install the python2-certbot-nginx and i could do ssl. Any help can i get? Thanks in advance.

Best Answer

I also faced similar issue a few months back in Amazon linux. Fixed this by installing certbot via pip. The commands that I used:

pip install virtualenv
virtualenv ~/.certbot
source ~/.certbot/bin/activate
pip install 'setuptools<41'
pip install certbot
pip install 'parsedatetime<2.6'

Now simply generate the certificate by issuing below command

sudo ~/.certbot/bin/certbot certonly --webroot -w /usr/share/nginx/html/example -d example.com

Related Solutions

Amazon EC2 – AMI vs. EBS vs. Snapshot vs. Volume Terminology

An AMI, as you note, is a machine image. It's a total snapshot of a system stored as an image that can be launched as an instance. We'll get back to AMIs in a second.

Lets look at EBS. Your other two items are sub-items of this. EBS is a virtual block device. You can think of it as a hard drive, although it's really a bunch of software magic to link into another kind of storage device but make it look like a hard drive to an instance.

EBS is just the name for the whole service. Inside of EBS you have what are called volumes. These are the "unit" amazon is selling you. You create a volume and they allocate you X number of gigabytes and you use it like a hard drive that you can plug into any of your running computers (instances). Volumes can either be created blank or from a snapshot copy of previous volume, which brings us to the next topic.

Snapshots are ... well ... snapshots of volumes: an exact capture of what a volume looked like at a particular moment in time, including all its data. You could have a volume, attach it to your instance, fill it up with stuff, then snapshot it, but keep using it. The volume contents would keep changing as you used it as a file system but the snapshot would be frozen in time. You could create a new volume using this snapshot as a base. The new volume would look exactly like your first disk did when you took the snapshot. You could start using the new volume in place of the old one to roll-back your data, or maybe attach the same data set to a second machine. You can keep taking snapshots of volumes at any point in time. It's like a freeze-frame instance backup that can then easy be made into a new live disk (volume) whenever you need it.

So volumes can be based on new blank space or on a snapshot. Got that? Volumes can be attached and detached from any instances, but only connected to one instance at a time, just like the physical disk that they are a virtual abstraction of.

Now back to AMIs. These are tricky because there are two types. One creates an ephemeral instances where the root files system looks like a drive to the computer but actually sits in memory somewhere and vaporizes the minute it stops being used. The other kind is called an EBS backed instance. This means that when your instances loads up, it loads its root file system onto a new EBS volume, basically layering the EC2 virtual machine technology on top of their EBS technology. A regular EBS volume is something that sits next to EC2 and can be attached, but an EBS backed instance also IS a volume itself.

A regular AMI is just a big chunk of data that gets loaded up as a machine. An EBS backed AMI will get loaded up onto an EBS volume, so you can shut it down and it will start back up from where you left off just like a real disk would.

Now put it all together. If an instance is EBS backed, you can also snapshot it. Basically this does exactly what a regular snapshot would ... a freeze frame of the root disk of your computer at a moment in time. In practice, it does two things different. One is it shuts down your instance so that you get a copy of the disk as it would look to an OFF computer, not an ON one. This makes it easier to boot up :) So when you snapshot an instance, it shuts it down, takes the disk picture, then starts up again. Secondly, it saves that images as an AMI instead of as a regular disk snapshot. Basically it's a bootable snapshot of a volume.

Let’s Encrypt – Best Practices for Setting a Cron Job for Certbot Renewal

Monthly is not frequent enough.

This script should run at least weekly, and preferably daily. Remember that certs don't get renewed unless they are near to expiration, and monthly could cause your existing certs to occasionally be expired already before they get renewed.

The name of the program is certbot, which was renamed from letsencrypt. If you are still using letsencrypt, you need to update to the current version.

Aside from those issues, it's about the same as my cron jobs.

43 6 * * * certbot renew --post-hook "systemctl reload nginx"

Note: in 18.04 LTS the letsencrypt package has been (finally) renamed to certbot. It now includes a systemd timer which you can enable to schedule certbot renewals, with systemctl enable certbot.timer and systemctl start certbot.timer. However, Ubuntu did not provide a way to specify hooks. You'll need to set up an override for certbot.service to override ExecStart= with your desired command line, until Canonical fixes this.

Best Answer

Related Solutions

Amazon EC2 – AMI vs. EBS vs. Snapshot vs. Volume Terminology

Let’s Encrypt – Best Practices for Setting a Cron Job for Certbot Renewal

Related Topic