So let’s say you’re running an aging version of Amazon Linux and don’t want to blow up your system by wedging in yum repos from distributions that aren’t quite in line with the CentOS-derived Amazon Linux.
Instructions on the web tell CentOS users to use Fedora or RHEL yum repos, but on Amazon Linux you’re kind of twice removed.
So, long story short, here’s some fodder for those who want the benefits of LetsEncrypt without the fluff of a repo.
My instructions will be for Apache/HTTPD, but you’ll see the key linchpin item below.
First, start by downloading Certbot by hand:
```
cd /usr/local/bin
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
```
Second, back up your Apache HTTPD configuration:
```
tar -czvf /root/httpd-backup.tar.gz /etc/httpd
```
Third, test certbot-auto and let it ‘bootstrap’ dependencies:
**An error is likely here**
```
./certbot-auto --debug
Bootstrapping dependencies for Amazon... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: priorities, upgrade-helper
amzn-main | 2.1 kB 00:00:00
amzn-updates | 2.5 kB 00:00:00
1066 packages excluded due to repository priority protections
Package 1:openssl-1.0.2k-16.150.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-16.150.amzn1.x86_64 already installed and latest version
Package system-rpm-config-9.0.3-42.28.amzn1.noarch already installed and latest version
Package ca-certificates-2018.2.22-65.1.20.amzn1.noarch already installed and latest version
Resolving Dependencies
... (ETC ETC)...
```
Error from certbot – “creating virtual environment” gives an error: “No such file or directory”:
After running the command above, you may see this error once it has installed the dependencies for certbot:
```
Creating virtual environment...
Traceback (most recent call last):
  File "", line 27, in
  File "", line 19, in create_venv
  File "/usr/lib64/python2.7/subprocess.py", line 185, in check_call
    retcode = call(*popenargs, **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 172, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib64/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
```
After some searching, I’ve found that this is really easy to solve!
To fix, upgrade pip and REMOVE virtualenv:
```
# Note: you might need to change the 2.7 to your Python version
pip-2.7 install --upgrade pip
# Note: after the upgrade, plain 'pip' is now in your path,
# so there is no need to use pip-<version>
pip uninstall virtualenv
```
Now you’ll see that certbot works like a champ!
```
certbot-auto --debug --test --apache
Bootstrapping dependencies for Amazon... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: priorities, upgrade-helper
1066 packages excluded due to repository priority protections
Package gcc-4.8.5-1.22.amzn1.noarch already installed and latest version
Package augeas-libs-1.0.0-5.7.amzn1.x86_64 already installed and latest version
Package 1:openssl-1.0.2k-16.150.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-16.150.amzn1.x86_64 already installed and latest version
Package libffi-devel-3.0.13-16.5.amzn1.x86_64 already installed and latest version
Package system-rpm-config-9.0.3-42.28.amzn1.noarch already installed and latest version
Package ca-certificates-2018.2.22-65.1.20.amzn1.noarch already installed and latest version
Package python27-devel-2.7.16-1.125.amzn1.x86_64 already installed and latest version
Package python27-virtualenv-15.1.0-1.14.amzn1.noarch already installed and latest version
Package python27-tools-2.7.16-1.125.amzn1.x86_64 already installed and latest version
Package python27-pip-9.0.3-1.26.amzn1.noarch already installed and latest version
Nothing to do
Creating virtual environment...
Installing Python packages...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
(ETC ETC ETC...)
```
Once you’ve established a working test configuration with certbot (you should see a LetsEncrypt test certificate on your site), it’s time to run the real command without the `--test` flag:
```
certbot-auto --debug --apache
```
If all goes well, you’ll have a completely valid and proper SSL certificate for free via LetsEncrypt!
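The backup from the second step only helps if it can actually be restored, so here is one way to wrap the real run in a verified backup with a rollback when `apachectl configtest` fails. This is an added example, not part of the original instructions; the function names are hypothetical and the archive is written relative to the parent directory rather than with absolute paths.

```sh
#!/usr/bin/env bash
# Added example: backup, verify and roll back a config tree around a change.
# Function names are hypothetical; paths in the usage comment follow the post.

# backup_conf SRC ARCHIVE: archive SRC with owner-only permissions and
# confirm the archive is readable before anything is changed.
backup_conf() {
    local src="$1" archive="$2"
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    ( umask 077
      tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" ) || return 1
    tar -tzf "$archive" >/dev/null || { echo "unreadable: $archive" >&2; return 1; }
}

# restore_conf ARCHIVE SRC: move the current tree to SRC.failed (kept for
# inspection) and unpack the archived copy in its place.
restore_conf() {
    local archive="$1" src="$2"
    tar -tzf "$archive" >/dev/null || return 1
    rm -rf "$src.failed"
    mv "$src" "$src.failed" && tar -xzf "$archive" -C "$(dirname "$src")"
}

# guarded_change SRC ARCHIVE CHECK CMD [ARGS...]
# Back up SRC, run CMD, then run CHECK (a shell string). Returns 0 when the
# check passes, 2 when it failed and SRC was restored, 3 when restore failed.
guarded_change() {
    local src="$1" archive="$2" check="$3"
    shift 3
    backup_conf "$src" "$archive" || return 1
    "$@" || echo "change command exited non-zero" >&2
    if sh -c "$check" >/dev/null 2>&1; then
        return 0
    fi
    echo "check failed, restoring $src from $archive" >&2
    restore_conf "$archive" "$src" && return 2
    return 3
}

# Usage on the host from the post (run as root):
#   guarded_change /etc/httpd /root/httpd-backup.tar.gz 'apachectl configtest' \
#       /usr/local/bin/certbot-auto --debug --apache
```

A return code of 2 means the previous configuration is back in place and the modified tree is kept in `/etc/httpd.failed` for inspection.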
I won’t cover the automation aspect as there are already endless write-ups on how to do that.