Opened 5 years ago

Closed 5 years ago

#2264 closed task (fixed)

Fix Letsencrypt on webextra

Reported by: robe Owned by: sac@…
Priority: normal Milestone: Sysadmin Contract 2019-I
Component: SysAdmin Keywords:
Cc:

Description

Letsencrypt on webextra was broken as wildintellect pointed out since notice for europe.foss4g.org was sent that it was about to expire.

Change History (1)

comment:1 by robe, 5 years ago

Resolution: fixed
Status: newclosed

The issue of what went wrong it output in this issue on certbot

https://github.com/certbot/certbot/issues/6824

and there were many suggestions there of what to do.

Basically the old syntax for pip is: pip install somepackage The new syntax is : pip -m install somepackage

and unfortunately since Debian7 is EOL'd which is what is running on webextra, the pip needs old syntax. That said pip wasn't even installed, so I stupidly before reading the above, tried to install it with: 

apt-get install python-pip

which failed and then doing 

wget https://bootstrap.pypa.io/get-pip.py
sudo python2.7 get-pip.py

Which still gave me an old pip but at least worked. But anyrate hopefully this did not break anything.

So in the end I downgraded the certbot to the .31 and turned off auto-upgrading using a suggestion from the above issue ticket 

/usr/src/letsencrypt/certbot
mv certbot-auto certbot-auto-broken
wget https://raw.githubusercontent.com/certbot/certbot/75499277be6699fd5a9b884837546391950a3ec9/certbot-auto
chmod +x ./certbot-auto
/usr/src/letsencrypt/certbot/certbot-auto renew --no-self-upgrade

and changed the cronjob to include the --no-self-upgrade switch.

That seemed to do the trick. This is a bandage for now. webextra will just need to be rebuilt which I have on my list.

Note: See TracTickets for help on using tickets.