Environment
・CentOS release 6.10 (Final)
・Python 2.6.6
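Background
The initial certificate issuance went through without any particular trouble, but the renewal via cron failed. The first time, I renewed manually and it seemed to work, but when I left it to cron the automatic renewal failed yet again. I had forgotten the procedure I used for the first manual renewal, so I am writing this down as a record.
Failed attempt
Without any particular trick, I simply run the renew command.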
[ ]# /usr/local/certbot/certbot-auto renew --webroot -w /var/www/html/my.domain
Upgrading certbot-auto 1.5.0 to 1.6.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Had a problem while installing Python packages.
pip prints the following errors:
=====================================================
Ignoring enum34: markers 'python_version < "3.4"' don't match your environment
Collecting ConfigArgParse==1.2.3 (from -r /tmp/tmp.8sNbXjFdxb/letsencrypt-auto-requirements.txt (line 12))
Downloading https://files.pythonhosted.org/packages/bb/79/3045743bb26ca2e44a1d317c37395462bfed82dbbd38e69a3280b63696ce/ConfigArgParse-1.2.3.tar.gz (42kB)
Collecting certifi==2020.4.5.1 (from -r /tmp/tmp.8sNbXjFdxb/letsencrypt-auto-requirements.txt (line 14))
Downloading https://files.pythonhosted.org/packages/57/2b/26e37a4b034800c960a00c4e1b3d9ca5d7014e983e6e729e33ea2f36426c/certifi-2020.4.5.1-py2.py3-none-any.whl (157kB)
Collecting cffi==1.14.0 (from -r /tmp/tmp.8sNbXjFdxb/letsencrypt-auto-requirements.txt (line 17))
Downloading https://files.pythonhosted.org/packages/f1/c7/72abda280893609e1ddfff90f8064568bd8bcb2c1770a9d5bb5edb2d1fea/cffi-1.14.0-cp36-cp36m-manylinux1_x86_64.whl (399kB)
Collecting chardet==3.0.4 (from -r /tmp/tmp.8sNbXjFdxb/letsencrypt-auto-requirements.txt (line 46))
Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB)
Collecting configobj==5.0.6 (from -r /tmp/tmp.8sNbXjFdxb/letsencrypt-auto-requirements.txt (line 49))
Downloading https://files.pythonhosted.org/packages/64/61/079eb60459c44929e684fa7d9e2fdca403f67d64dd9dbac27296be2e0fab/configobj-5.0.6.tar.gz
Collecting cryptography==2.8 (from -r /tmp/tmp.8sNbXjFdxb/letsencrypt-auto-requirements.txt (line 51))
Downloading https://files.pythonhosted.org/packages/45/73/d18a8884de8bffdcda475728008b5b13be7fbef40a2acc81a0d5d524175d/cryptography-2.8-cp34-abi3-manylinux1_x86_64.whl (2.3MB)
Collecting distro==1.5.0 (from -r /tmp/tmp.8sNbXjFdxb/letsencrypt-auto-requirements.txt (line 73))
Downloading https://files.pythonhosted.org/packages/25/b7/b3c4270a11414cb22c6352ebc7a83aaa3712043be29daa05018fd5a5c956/distro-1.5.0-py2.py3-none-any.whl
Collecting funcsigs==1.0.2 (from -r /tmp/tmp.8sNbXjFdxb/letsencrypt-auto-requirements.txt (line 80))
Downloading https://files.pythonhosted.org/packages/69/cb/f5be453359271714c01b9bd06126eaf2e368f1fddfff30818754b5ac2328/funcsigs-1.0.2-py2.py3-none-any.whl
Exception:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 232, in _error_catcher
yield
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 314, in read
data = self._fp.read(amt)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/http/client.py", line 459, in read
n = self.readinto(b)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/http/client.py", line 503, in readinto
n = self.fp.readinto(b)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/socket.py", line 586, in readinto
return self._sock.recv_into(b)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/ssl.py", line 1012, in recv_into
return self.read(nbytes, buffer)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/ssl.py", line 874, in read
return self._sslobj.read(len, buffer)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/ssl.py", line 631, in read
v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/basecommand.py", line 215, in main
status = self.run(options, args)
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/commands/install.py", line 324, in run
requirement_set.prepare_files(finder)
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/req/req_set.py", line 380, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/req/req_set.py", line 620, in _prepare_file
session=self.session, hashes=hashes)
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/download.py", line 821, in unpack_url
hashes=hashes
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/download.py", line 659, in unpack_http_url
hashes)
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/download.py", line 882, in _download_http_url
_download_url(resp, link, content_file, hashes)
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/download.py", line 603, in _download_url
hashes.check_against_chunks(downloaded_chunks)
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/utils/hashes.py", line 46, in check_against_chunks
for chunk in chunks:
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/download.py", line 571, in written_chunks
for chunk in chunks:
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/download.py", line 560, in resp_read
decode_content=False):
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 357, in stream
data = self.read(amt=amt, decode_content=decode_content)
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 324, in read
flush_decoder = True
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/contextlib.py", line 99, in __exit__
self.gen.throw(type, value, traceback)
File "/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 237, in _error_catcher
raise ReadTimeoutError(self._pool, None, 'Read timed out.')
pip._vendor.requests.packages.urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Read timed out.
=====================================================
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
output.
Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
I see, it says python_version < "3.4", so the version must not match.
Apparently I had installed something called SCL.
How do I change the Python version?
[ ]# scl -l
python27
rh-python36
It seems version 3.6 is installed.
How was it used again?
To specify it as a one-liner:
scl enable pythonxx "~/certbot-auto renew"
To do it step by step:
[ ]# scl enable rh-python36 bash
[ ]# python
Python 3.6.9 (default, Nov 11 2019, 10:00:15)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-23)] on linux
Type "help", "copyright", "credits" or "license" for more information.
Python 3.6.9 is now enabled!
Changing the Python version did not let the renewal succeed either
sudo scl enable python27 '/usr/local/certbot/certbot-auto renew --webroot -w /var/www/html/my.domain'
sudo scl enable rh-python36 '/usr/local/certbot/certbot-auto renew --webroot -w /var/www/html/my.domain'
I tried both patterns, and both failed.
[ ]# sudo scl enable python27 '/usr/local/certbot/certbot-auto renew --webroot -w /var/www/html/my.domain'
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* centos-sclo-rh: ftp.iij.ad.jp
* centos-sclo-sclo: ftp.iij.ad.jp
* epel: ftp.iij.ad.jp
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
Package gcc-4.4.7-23.el6.x86_64 already installed and latest version
Package augeas-libs-1.0.0-10.el6.x86_64 already installed and latest version
Package openssl-1.0.1e-58.el6_10.x86_64 already installed and latest version
Package openssl-devel-1.0.1e-58.el6_10.x86_64 already installed and latest version
Package libffi-devel-3.0.5-3.2.el6.x86_64 already installed and latest version
Package redhat-rpm-config-9.0.3-51.el6.centos.noarch already installed and latest version
Package ca-certificates-2019.2.32-65.1.el6_10.noarch already installed and latest version
Package python-devel-2.6.6-68.el6_10.x86_64 already installed and latest version
Package python-virtualenv-12.0.7-1.el6.noarch already installed and latest version
Package python-tools-2.6.6-68.el6_10.x86_64 already installed and latest version
Package python-pip-7.1.0-2.el6.noarch already installed and latest version
Package 1:mod_ssl-2.2.15-69.el6.centos.x86_64 already installed and latest version
Nothing to do
Creating virtual environment...
Installing Python packages...
Had a problem while installing Python packages.
pip prints the following errors:
=====================================================
Collecting ConfigArgParse==1.2.3 (from -r /tmp/tmp.ja8oJF2hpE/letsencrypt-auto-requirements.txt (line 12))
Downloading https://files.pythonhosted.org/packages/bb/79/3045743bb26ca2e44a1d317c37395462bfed82dbbd38e69a3280b63696ce/ConfigArgParse-1.2.3.tar.gz (42kB)
Collecting certifi==2020.4.5.1 (from -r /tmp/tmp.ja8oJF2hpE/letsencrypt-auto-requirements.txt (line 14))
Downloading https://files.pythonhosted.org/packages/57/2b/26e37a4b034800c960a00c4e1b3d9ca5d7014e983e6e729e33ea2f36426c/certifi-2020.4.5.1-py2.py3-none-any.whl (157kB)
Collecting cffi==1.14.0 (from -r /tmp/tmp.ja8oJF2hpE/letsencrypt-auto-requirements.txt (line 17))
Downloading https://files.pythonhosted.org/packages/08/29/8001b940ef40e7a25ffe8f3188bc9b118934b513d64f769dbf461e46f4ed/cffi-1.14.0-cp27-cp27mu-manylinux1_x86_64.whl (387kB)
Collecting chardet==3.0.4 (from -r /tmp/tmp.ja8oJF2hpE/letsencrypt-auto-requirements.txt (line 46))
Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB)
Collecting configobj==5.0.6 (from -r /tmp/tmp.ja8oJF2hpE/letsencrypt-auto-requirements.txt (line 49))
Downloading https://files.pythonhosted.org/packages/64/61/079eb60459c44929e684fa7d9e2fdca403f67d64dd9dbac27296be2e0fab/configobj-5.0.6.tar.gz
Collecting cryptography==2.8 (from -r /tmp/tmp.ja8oJF2hpE/letsencrypt-auto-requirements.txt (line 51))
Downloading https://files.pythonhosted.org/packages/e2/67/4597fc5d5de01bb44887844647ab8e73239079dd478c35c52d58a9eb3d45/cryptography-2.8-cp27-cp27mu-manylinux1_x86_64.whl (2.3MB)
Exception:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/basecommand.py", line 215, in main
status = self.run(options, args)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/commands/install.py", line 324, in run
requirement_set.prepare_files(finder)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/req/req_set.py", line 380, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/req/req_set.py", line 620, in _prepare_file
session=self.session, hashes=hashes)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/download.py", line 821, in unpack_url
hashes=hashes
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/download.py", line 659, in unpack_http_url
hashes)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/download.py", line 882, in _download_http_url
_download_url(resp, link, content_file, hashes)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/download.py", line 603, in _download_url
hashes.check_against_chunks(downloaded_chunks)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/utils/hashes.py", line 46, in check_against_chunks
for chunk in chunks:
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/download.py", line 571, in written_chunks
for chunk in chunks:
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/utils/ui.py", line 139, in iter
for x in it:
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/download.py", line 560, in resp_read
decode_content=False):
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 357, in stream
data = self.read(amt=amt, decode_content=decode_content)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 324, in read
flush_decoder = True
File "/opt/rh/python27/root/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 246, in _error_catcher
raise ReadTimeoutError(self._pool, None, 'Read timed out.')
ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Read timed out.
=====================================================
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
output.
Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
I have no idea what is going on any more.
Solution
Searching for comrades with the same problem.
https://community.letsencrypt.org/t/cannot-get-new-certificate-readtimeout-error/94586/10
These people are speaking English; I can't decipher it.
They say things like "just edit /etc/hosts", so let's check it first.
[ ]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
Hmm, I don't fully understand, but according to the error message, accessing files.pythonhosted.org times out.
ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Read timed out.
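According to the site above, the idea seems to be to resolve the name through /etc/hosts. I did things like run ping,
ping files.pythonhosted.org
https://www.ip-domain-search.com/cgi-bin/safety_svc2/mail_check_tool.cgi
and look up the IP address on a domain-to-IP lookup site, then edited the file as follows.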
[ ]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
151.101.229.63 files.pythonhosted.org
With that, the certificate gets renewed as if nothing had happened.
[ ]# sudo scl enable python27 '/usr/local/certbot/certbot-auto renew --webroot -w /var/www/html/my.domain --no-bootstrap'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/my.domain.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for my.domain
Using the webroot path /var/www/html/my.domain for all unmatched domains.
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/my.domain/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/my.domain/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Makes no sense to me.
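The fix above pins files.pythonhosted.org to a fixed address in /etc/hosts, and that entry keeps overriding DNS after the renewal has succeeded. The script below is an added example, not part of the original post: it lists the non-loopback pins in a hosts file and labels each one current or stale against DNS answers. The function names and the sample hosts content are constructed for illustration, and audit_pins assumes dig is installed.

```shell
#!/bin/sh
# Added example: review static pins left in /etc/hosts after a workaround.

# Constructed sample mirroring the edited /etc/hosts shown in the post.
sample_hosts() {
cat <<'EOF'
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
151.101.229.63 files.pythonhosted.org   # workaround for pip timeout
EOF
}

# pinned_hosts [FILE]: print "ip name" for every non-loopback entry.
# Reads stdin when FILE is omitted.
pinned_hosts() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        NF < 2 { next }                           # blank or incomplete line
        $1 ~ /^127\./ || $1 == "::1" { next }     # loopback is expected
        { for (i = 2; i <= NF; i++) print $1, $i }
    ' "${1:--}"
}

# pin_status PINNED_IP [RESOLVED_IP...]: compare a pin with DNS answers.
pin_status() {
    pinned=$1; shift
    [ "$#" -eq 0 ] && { echo unknown; return 0; }   # no DNS answer to compare
    for ip in "$@"; do
        [ "$ip" = "$pinned" ] && { echo current; return 0; }
    done
    echo stale
}

# audit_pins [FILE]: check each IPv4 pin against live DNS (assumes dig exists).
# dig queries the resolver directly, so the hosts entry cannot mask the answer.
audit_pins() {
    pinned_hosts "${1:-/etc/hosts}" | while read -r ip name; do
        resolved=$(dig +short A "$name" 2>/dev/null | grep -E '^[0-9.]+$' || true)
        # $resolved is intentionally unquoted: one argument per address
        printf '%s %s %s\n' "$name" "$ip" "$(pin_status "$ip" $resolved)"
    done
}
```

Running audit_pins with no argument checks the live /etc/hosts; a stale result means the pinned address no longer matches what DNS returns.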