CentOS7でLet’s Encryptを更新できない

Tweet

Check

CentOS7でいつものようにDNSによる認証で更新しようとしたら、エラーがでた。

# certbot certonly --preferred-challenges dns-01 --authenticator manual --domain xxxx.jp

Traceback (most recent call last):
  File "/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.27.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 21, in <module>
    from certbot import client
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 16, in <module>
    from acme import client as acme_client
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 36, in <module>
    requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()  # type: ignore
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 118, in inject_into_urllib3
    _validate_dependencies_met()
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 153, in _validate_dependencies_met
    raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.

pyOpenSSLのバージョンを0.14以上にしろとあるが、
とりあえずcertbotが古そうなのでアップデートして、試してみると別のエラーが。

# yum update certbot
# certbot certonly --preferred-challenges dns-01 --authenticator manual --domain xxxx.jp

Traceback (most recent call last):
  File "/bin/certbot", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 3011, in <module>
    parse_requirements(__requires__), Environment()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 626, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: acme>=0.29.0

acmeが古い？
pythonとacmeをアップデートしてみたが、今度は「requests 2.6.0」のエラー。

# yum update python
# pip install -U acme
# certbot certonly --preferred-challenges dns-01 --authenticator manual --domain xxxx.jp

Traceback (most recent call last):
  File "/bin/certbot", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 3007, in <module>
    working_set.require(__requires__)
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 728, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 631, in resolve
    requirements.extend(dist.requires(req.extras)[::-1])
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2497, in requires
    "%s has no such extra feature %r" % (self, ext)
pkg_resources.UnknownExtra: requests 2.6.0 has no such extra feature 'security'

requests[security]をインストールしてみようとしたが、ダメだった。

# pip install requests[security]

Requirement already satisfied: requests[security] in /usr/lib/python2.7/site-packages (2.6.0)
  requests 2.6.0 does not provide the extra 'security'

解決に時間がかかりそうなので、あきらめてcertbot-autoをインストールして対応した。

# wget https://dl.eff.org/certbot-auto
# chmod a+x certbot-auto

#./certbot-auto --debug certonly --preferred-challenges dns-01 --authenticator manual --domain xxxx.jp