Looking for a way to get certbot running on Amazon Linux 2

amazon-linuxcertbotlets-encrypt

Amazon has a new Linux out called "Amazon Linux 2"

When I try and get certbot going….

 wget https://dl.eff.org/certbot-auto
 chmod a+x certbot-auto
 ./certbot-auto

gives this error

Sorry, I don't know how to bootstrap Certbot on your operating system!

You will need to install OS dependencies, configure virtualenv, and run pip install manually.
Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites for more info.

Then I tried:

yum install pip
yum install python-pip
pip install cryptography 
pip install certbot
yum install python-urllib3
yum install augeas
/usr/bin/certbot

And I get this message

Traceback (most recent call last):
  File "/usr/bin/certbot", line 7, in <module>
    from certbot.main import main
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 19, in <module>
    from certbot import client
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 11, in <module>
    from acme import client as acme_client
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 34, in <module>
    import urllib3.contrib.pyopenssl  # pylint: disable=import-error
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 50, in <module>
    from ndg.httpsclient.ssl_peer_verification import SUBJ_ALT_NAME_SUPPORT
ImportError: No module named ndg.httpsclient.ssl_peer_verification

I am not sure where to go from here. Any suggestions would be greatly appreciated!

Best Answer

I was having trouble with this as well since Amazon Linux 2 doesn't have epel-release in its repositories, but I've found you can install the EPEL RPM package itself, and then you'll be able to install certbot or certbot-nginx from there.

Download the RPM

curl -O http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Then install it

sudo yum install epel-release-latest-7.noarch.rpm

Now you can install certbot
```
sudo yum install certbot
```
And then run it as usual
```
sudo certbot
```

Check out the certbot page for configuration details after that.

Related Solutions

Why is Let’s Encrypt now failing to look up an A record from Pragmatometer.com

My best guess is that there was an intermittent / short-lived DNS failure / timeout from the Let's Encrypt side (or maybe you happen to be on a slow connection).

Indeed, a quick check of the core error message ("query timed out looking up A for" site:letsencrypt.org) reveals some reports on the LE forum site like this one.

Try again in a little bit, and you should be golden.

Certbot setting up ssl, error “No module named ‘ConfigParser'”

First of all, removing Python 3 as suggested in a previous answer is a terrible idea, while it has a slight chance of fixing your particular problem, it is much more likely to create many more since any program depending on it will crash.

Second, your problem stems from a modification that was made to your system that should never have been made. python is meant to link to python2 by default (see PEP 394) for backwards compatibility and is provided by python-minimal on Ubuntu (see file list).

I would suggest removing broken packages, reinstalling python, python-minimal, python3 and python3-minimal running something along the lines of:

sudo apt update     # Get an up-to-date list of available packages
sudo apt autoclean  # Remove partial packages
sudo apt clean      # Remove package cache to force redownload
sudo apt install --reinstall python python-minimal python3 python3-minimal

Should any of the broken packages refuse to be removed through apt, you can use sudo dpkg --remove -force --force-remove-reinstreq $BROKEN_PACKAGE_NAMES (where you should of course replace the variable with the actual broken packages). BEWARE, this will pretty much uninstall anything so do not attempt to uninstall a package you believe to be critical to your system.

Once you've fixed your system Python, run certbot-auto again.

Best Answer

Related Solutions

Why is Let’s Encrypt now failing to look up an A record from Pragmatometer.com

Certbot setting up ssl, error “No module named ‘ConfigParser'”

Related Topic