ç§ã次ã®ããã«certbotãå®è¡ãããšïŒ
sudo certbot --nginx
ç§ã¯åŸãïŒ
Traceback (most recent call last):
File "/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.26.1', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 570, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2751, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2405, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2411, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 21, in <module>
from certbot import client
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 16, in <module>
from acme import client as acme_client
File "/usr/lib/python2.7/site-packages/acme/client.py", line 39, in <module>
urllib3.contrib.pyopenssl.inject_into_urllib3()
AttributeError: 'module' object has no attribute 'pyopenssl'
ç§ã®PythonããŒãžã§ã³ã¯2.7.12ã§ãLinux OSïŒ7.4ã§ãã
ããã¯ãOSããã±ãŒãžãããŒãžã£ãŒããã€ã³ã¹ããŒã«ãããPythonããã±ãŒãžãšïŒ6245ã®ãããªpip
ãšã®ç«¶åãåå ã§ãããšæãããŸãã
ã©ã®LinuxOSã䜿çšããŠããŠãã©ã®ããã«Certbotãã€ã³ã¹ããŒã«ããŸãããïŒ
åãïŒãŸãã¯ã»ãšãã©åãïŒãšã©ãŒãçºçããŸããïŒ
# yum install certbot
...
Running transaction
Installing : pyOpenSSL-0.13.1-3.el7.x86_64 1/6
Installing : python2-josepy-1.1.0-1.el7.noarch 2/6
Installing : python-ndg_httpsclient-0.3.2-1.el7.noarch 3/6
Installing : python2-acme-0.26.1-1.el7.noarch 4/6
Installing : python2-certbot-0.26.1-2.el7.noarch 5/6
Installing : certbot-0.26.1-2.el7.noarch 6/6
Verifying : pyOpenSSL-0.13.1-3.el7.x86_64 1/6
Verifying : python2-josepy-1.1.0-1.el7.noarch 2/6
Verifying : python2-acme-0.26.1-1.el7.noarch 3/6
Verifying : python2-certbot-0.26.1-2.el7.noarch 4/6
Verifying : certbot-0.26.1-2.el7.noarch 5/6
Verifying : python-ndg_httpsclient-0.3.2-1.el7.noarch 6/6
Installed:
certbot.noarch 0:0.26.1-2.el7
Dependency Installed:
pyOpenSSL.x86_64 0:0.13.1-3.el7 python-ndg_httpsclient.noarch 0:0.3.2-1.el7 python2-acme.noarch 0:0.26.1-1.el7 python2-certbot.noarch 0:0.26.1-2.el7 python2-josepy.noarch 0:1.1.0-1.el7
Complete!
# certbot --version
Traceback (most recent call last):
File "/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.26.1', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
entry = __import__(self.module_name, globals(),globals(), ['__name__'])
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 21, in <module>
from certbot import client
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 16, in <module>
from acme import client as acme_client
File "/usr/lib/python2.7/site-packages/acme/client.py", line 39, in <module>
urllib3.contrib.pyopenssl.inject_into_urllib3()
AttributeError: 'module' object has no attribute 'pyopenssl'
OSããŒãžã§ã³ïŒCentOS LinuxãªãªãŒã¹7.5.1804ïŒã³ã¢ïŒ
EDIT2ã¯ïŒã«é¢ããŠã¯https://github.com/certbot/certbot/issues/6245 ãã®python-urllib3ã¯yumã䜿ã£ãŠã€ã³ã¹ããŒã«ãããŠãããçŸåšã®ããŒãžã§ã³ïŒ1.10.2-5.el7ã¯ïŒã«èšèŒãããã·ã³ããªãã¯ãªã³ã¯ãæã£ãŠããŸããã packages/ssl_match_hostname
ãããã¡ã€ã«ãå«ãéåžžã®ãã£ã¬ã¯ããªãšããŠã
åé¡ãåçŸããããšãããšã次ã®ããã«ãªããŸãã
# python
Python 2.7.5 (default, Jul 13 2018, 13:06:57)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-28)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib3.contrib.pyopenssl
>>> urllib3.contrib.pyopenssl.inject_into_urllib3()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 118, in inject_into_urllib3
_validate_dependencies_met()
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 153, in _validate_dependencies_met
raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
>>>
# yum info pyOpenSSL
...
Installed Packages
Name : pyOpenSSL
Arch : x86_64
Version : 0.13.1
Release : 3.el7
Size : 628 k
Repo : installed
ãããã£ãŠã pyOpenSSL
v0.14ã«ã¯urllib3.contrib.pyopenssl
ãµã€ã¬ã³ãããŒãžã§ã³äŸåé¢ä¿ãããããã§ãããããã¯çŸæç¹ã§ã¯Centos7ã«ãã£ãŠæäŸãããŠããŸããã
ç·šéïŒ httpsïŒ //cbs.centos.org/koji/buildinfoïŒbuildID = 1500ããæ°ããããŒãžã§ã³ïŒ0.15.1ïŒãã€ã³ã¹ããŒã«ãããšãäžèšã®ãšã©ãŒã¯æ¶ããŸãããcertbotã«ãã£ãŠçæããããšã©ãŒã¯æ¶ããŸããã
usr/lib/python2.7/site-packages/acme/client.py
䜿ã£ãè©Šè¡é¯èª€ã®çµæã from requests_toolbelt.adapters.source import SourceAddressAdapter
ã€ã³ããŒãã«ã³ã¡ã³ããããšããšã©ãŒãæ¶ãããšããçºèŠã«ã€ãªãããŸããã
幞ããããã¯1åã ã䜿çšãããã®ã§ã source_address
ãæäŸããéãããã®ããã»ã©åŸ®åŠã§ã¯ãªãä¿®æ£ãåé¿ã§ããŸãã :)
@ github-abcdeã httpsïŒ //community.letsencrypt.orgã«æçš¿ããããšããå§ãã
python -c 'import requests; requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()'
ãããŠ
python -c 'import urllib3.contrib.pyopenssl; urllib3.contrib.pyopenssl.inject_into_urllib3()'
ç§ã®ããã«åãã
ããã«ã python-urllib3 1.10.2-5.el7
ã€ã³ã¹ããŒã«ããåŸã /usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py
ã¯ãpyOpenSSLã®ããŒãžã§ã³ã0.14æªæºã®å Žåã«äŸå€ãçºçãããã³ãŒããå«ãŸããŠããŸããã
ããŸããŸãªãœãŒã¹ããã®ããã±ãŒãžãæ··åšããŠãããšæããŸãã https://community.letsencrypt.orgã«ã¯ãåé¡ã®è¿œè·¡ãæ¯æŽã§ããã¯ãã®ãã倧ããªã³ãã¥ããã£ããããŸãã
ããªããæ£ããã§ãã ããã€ãã®è©³çŽ°ãªæ€çŽ¢ã®åŸãpip3ã䜿çšããŠã¢ãžã¥ãŒã«ãã€ã³ã¹ããŒã«ããã¯ãã ã£ããã®ããå®éã«ã¯python -m pip
ã䜿çšããŠã€ã³ã¹ããŒã«ããããã«èŠããŸãã... python2.7ã䜿çšããŠurllib3/conrtib/pyopenssl.py
ãäžæžãããŠããŸã...ããããšãããªãã®ãã€ã³ã¿ã®ããã«ãããã¯ç§ã«ããã«èª¿ã¹ãããšãäœåãªããããŸãã:)
ç§ãããã§æ±ããŠããã®ãšåãåé¡ã
ãã¡ã€ã« "/usr/lib/python2.7/site-packages/acme/client.py"ã39è¡ç®
urllib3.contrib.pyopenssl.inject_into_urllib3ïŒïŒ
AttributeErrorïŒ 'ã¢ãžã¥ãŒã«'ãªããžã§ã¯ãã«å±æ§ 'pyopenssl'ããããŸãã
CentOS 7.3
ãããç§ã®è§£æ±ºçã§ãïŒ
pip install requests==2.6.0
easy_install --upgrade pip
ç§ãä»ãããèŠãŠããŸãã Centos 7ã®æ°èŠã€ã³ã¹ããŒã«ãpipçµç±ã§ã®ã€ã³ã¹ããŒã«ãyumçµç±ã§ã®certbotã®ã€ã³ã¹ããŒã«
Linux localhost.localdomain 3.10.0-862.2.3.el7.x86_64ïŒ1 SMP Wed May 9 18:05:47 UTC 2018 x86_64 x86_64 x86_64 GNU / Linux
@monkeyWieã®ãã³ãã¯ç§ã«ã¯ããŸã
[ vagrant @ localhostã ] $ pipã€ã³ã¹ããŒã«ãªã¯ãšã¹ã== 2.6.0
èŠä»¶ã¯ãã§ã«æºããããŠããŸãïŒ/usr/lib/python2.7/site-packagesã®requests == 2.6.0
æ°æ¥åãæ°ããcentos 7ãã«ãã§certbotããŸã£ããæ©èœãããããšãã§ããªããªããŸã§ãcertbotãåé¡ãªã䜿çšããŠããŸããã
vagrant<strong i="14">@localhost</strong> ~]$ sudo certbot --nginx
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.27.1', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 484, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2714, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2332, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2338, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 21, in <module>
from certbot import client
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 16, in <module>
from acme import client as acme_client
File "/usr/lib/python2.7/site-packages/acme/client.py", line 36, in <module>
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 118, in inject_into_urllib3
_validate_dependencies_met()
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 153, in _validate_dependencies_met
raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
ãã®ãããªåé¡ã¯ã yum
ãšpip
äž¡æ¹ããã°ããŒãã«ã«ããã±ãŒãžãã€ã³ã¹ããŒã«ããããšã«ãã£ãŠçºçããŸãã æ®å¿µãªãããã·ã¹ãã äžã®Pythonç°å¢ã®ã¯ãªãŒã³ã¢ãããæ¯æŽããããšã¯ã§ããŸãããã httpsïŒ//community.letsencrypt.orgã«æçš¿ãããšãæ¯æŽã§ãã倧èŠæš¡ãªãŠãŒã¶ãŒããŒã¹ãååšããŸãã
Centos 7.6ãã¯ãªãŒã³ã€ã³ã¹ããŒã«ããEpelãªããžããªããCertbotãè¿œå ãããšåãåé¡ãçºçããŸããã å®è¡ããããšã§åé¡ãä¿®æ£ããŸããpip install requests==2.6.0
ããã¯ãŸã åé¡ã ãšæããŸãã
åãã
CentOS LinuxãªãªãŒã¹7.6.1810ïŒã³ã¢ïŒ
ã€ã³ã¹ããŒã«ïŒ
sudo yum install certbot python2-certbot-nginx
ãããŠå®è¡ããŸãïŒ
# certbot --help
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
entry = __import__(self.module_name, globals(),globals(), ['__name__'])
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 21, in <module>
from certbot import client
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 16, in <module>
from acme import client as acme_client
File "/usr/lib/python2.7/site-packages/acme/client.py", line 40, in <module>
urllib3.contrib.pyopenssl.inject_into_urllib3()
AttributeError: 'module' object has no attribute 'pyopenssl'
ãããç§ã®è§£æ±ºçã§ãïŒ
pip install requests==2.6.0 easy_install --upgrade pip
Centos7ã§ç§ã®ããã«åãã
åæããŸããã yumã䜿çšããããã©ã«ãã®ã€ã³ã¹ããŒã«ãæ©èœããŠããŸããã åŸã§ä¿®æ£ããå¿
èŠããããŸã
åæã€ã³ã¹ããŒã«ã åäœç¶æ
ã§ã€ã³ã¹ããŒã«ããå¿
èŠããããŸãã
2019幎4æ14æ¥ãæ¥ææ¥ã07ïŒ54 Michael Lindnerã notifications @ github.com
æžããŸããïŒ
ãããç§ã®è§£æ±ºçã§ãïŒ
pipã€ã³ã¹ããŒã«ãªã¯ãšã¹ã== 2.6.0
easy_install --upgrade pipCentos7ã§ç§ã®ããã«åãã
â
ããªããã³ã¡ã³ãããã®ã§ããªãã¯ãããåãåã£ãŠããŸãã
ãã®ã¡ãŒã«ã«çŽæ¥è¿ä¿¡ããGitHubã§è¡šç€ºããŠãã ãã
https://github.com/certbot/certbot/issues/6328#issuecomment-482922170 ã
ãŸãã¯ã¹ã¬ããããã¥ãŒãããŸã
https://github.com/notifications/unsubscribe-auth/AMsov79Wu4KJJLs0jJUN-fhs6WO2YROuks5vgsKzgaJpZM4WS5Gq
ã
çæ³çã«ã¯Dockerã®ãããªãã®ã§ãããåçŸããæ¹æ³ã«ã€ããŠèª°ããæ瀺ãäžããããšãã§ããã°ãç§ã¯å¥ã®èŠæ¹ãããããšæããŸãããããã§ãããã¯è€æ°ã®ãœãŒã¹ããPythonããã±ãŒãžãã€ã³ã¹ããŒã«ããå Žåã«ã®ã¿çºçãããšæããŸãã
ããã¯éåžžã®äž¡æ¹ããããã±ãŒãžãã€ã³ã¹ããŒã«ããããšã«ãã£ãŠåŒãèµ·ãããyum
ãšpip
ãšããªããã€ã³ã¹ããŒã«ããããã±ãŒãžã®åé€pip
ãšããããããåã€ã³ã¹ããŒã«ããyum
解決ããå¿
èŠããããŸãåé¡ã
Centos7.6ã®ã¯ãªãŒã³ã€ã³ã¹ããŒã«ã§çºçããããšã確èªã§ããŸãã
certbotãè¿œå ããEPELãªããžããªã
2019幎4æ15æ¥æææ¥ã19ïŒ35 Brad Warrenã notifications @ github.comã¯æ¬¡ã®ããã«æžããŠããŸãã
誰ãããããåçŸããæ¹æ³ã«ã€ããŠã®æ瀺ãæäŸã§ãããªããçæ³çã«ã¯
Dockerã®ãããªãã®ã§ãããäžåºŠèŠãŠã¿ãããšæããŸãããããã§ã
ããã¯ãè€æ°ã®Pythonããã±ãŒãžãã€ã³ã¹ããŒã«ããå Žåã«ã®ã¿çºçãããšèããŠããŸã
ãœãŒã¹ãããã¯éåžžãyumãšpipã®äž¡æ¹ããããã±ãŒãžãã€ã³ã¹ããŒã«ããããšã«ãã£ãŠçºçããŸãã
pipã§ã€ã³ã¹ããŒã«ããããã±ãŒãžãåé€ããåã€ã³ã¹ããŒã«ããŸã
yumã䜿çšãããšãåé¡ã解決ããã¯ãã§ããâ
ããªããã³ã¡ã³ãããã®ã§ããªãã¯ãããåãåã£ãŠããŸãã
ãã®ã¡ãŒã«ã«çŽæ¥è¿ä¿¡ããGitHubã§è¡šç€ºããŠãã ãã
https://github.com/certbot/certbot/issues/6328#issuecomment-483346939 ã
ãŸãã¯ã¹ã¬ããããã¥ãŒãããŸã
https://github.com/notifications/unsubscribe-auth/AMsovzeRLjz2j0odmgWGxyyAVy9VBp3Tks5vhLhLgaJpZM4WS5Gq
ã
ç§ã¯ãã®åé¡ãæ±ããŠããŸããïŒcentosïŒ
[bob<strong i="6">@bla</strong> ~]# certbot renew 2>&1 | tail -2
urllib3.contrib.pyopenssl.inject_into_urllib3()
AttributeError: 'module' object has no attribute 'pyopenssl'
ãšpipãã€ã³ã¹ããŒã«ãããŠããŸãã[bob<strong i="10">@bla</strong> ~]# pip install requests==2.6.0
-bash: pip: command not found
EPELãªããžããªã䜿çšããŠcertbotãè¿œå ããCentos7.6ãã¯ãªãŒã³ã€ã³ã¹ããŒã«ãããšçºçããããšã確èªã§ããŸãã
æ®å¿µãªãããDockerãVPSã§ã¯åçŸã§ããŸããã
誰ããDockerã®ãããªç°¡åã«åçŸã§ãããã®ã§ãããåçŸããã®ãèŠããã®ã§ããããããŸã§ã®éã誰ããåé¡ã«ã¶ã€ãã£ãå Žåã次ã®ã³ãã³ãã®åºåã¯äœã§ããïŒ
python -c 'import certbot, requests, urllib3, OpenSSL; print("certbot :", certbot.__version__); print("requests: ", requests.__version__); print("urllib3 :", urllib3.__version__); print("OpenSSL :", OpenSSL.__version__)'
ls /usr/lib/python2.7/site-packages/urllib3/contrib
é¢çœãã ããã¯ãCentos7çšã«äœæãã2çªç®ã®ã¯ãªãŒã³ã€ã³ã¹ããŒã«ã§ãã
ä»åã¯æå°éã®ISOã䜿çšããŠã¯ãªãŒã³ã€ã³ã¹ããŒã«ãå®è¡ããŸããããæ©èœããŠããŸãã ã€ã³ã¹ããŒã«ãããŠããCentosãªã¯ãšã¹ãããã±ãŒãžã2.6ã§ãã æåã«ãã®åé¡ãçºçããŠããããªã¯ãšã¹ããæŽæ°ãããå¯èœæ§ããããŸãã
python2-requests-2.6.0-0.el7.noarch
[root<strong i="9">@centos7</strong> ~]# python -c 'import certbot, requests, urllib3, OpenSSL; print("certbot :", certbot.__version__); print("requests: ", requests.__version__); print("urllib3 :", urllib3.__version__); print("OpenSSL :", OpenSSL.__version__)'
('certbot :', '0.31.0')
('requests: ', '2.6.0')
('urllib3 :', '1.10.2')
('OpenSSL :', '0.13.1')
[root<strong i="10">@centos7</strong> ~]# ls /usr/lib/python2.7/site-packages/urllib3/contrib
__init__.py __init__.pyc __init__.pyo ntlmpool.py ntlmpool.pyc ntlmpool.pyo pyopenssl.py pyopenssl.pyc pyopenssl.pyo
[root<strong i="11">@centos7</strong> ~]# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
ãã®åé¡ã¯ãcentos7.6ãšovirt4.3ã§çºçããŸãã ããã±ãŒãžããŒãžã§ã³ã¯
from EPEL:
certbot-0.31.0-2.el7.noarch
from ovirt-4.3-centos-opstools:
python2-requests-2.19.1-4.el7.noarch
python2-pyOpenSSL-17.3.0-3.el7.noarch
urllib3.contrib
åå空éãªã©ã§äœãå¥åŠãªããšãèµ·ãã£ãŠããããã§ãã
>>> import requests
>>> requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'pyopenssl'
>>> import urllib3.contrib.pyopenssl
>>> urllib3.contrib.pyopenssl.inject_into_urllib3()
>>> dir(urllib3.contrib)
['__builtins__', '__doc__', '__file__', '__name__', '__package__', '__path__', 'pyopenssl', 'socks']
>>> from acme import client as acme_client
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/acme/client.py", line 40, in <module>
urllib3.contrib.pyopenssl.inject_into_urllib3()
AttributeError: 'module' object has no attribute 'pyopenssl'
>>> dir(urllib3.contrib)
['__builtins__', '__doc__', '__file__', '__name__', '__package__', '__path__', 'appengine']
acme/client.py
ãããè¡ããšãåé¡ã¯è§£æ±ºããŸãã
if sys.version_info < (2, 7, 9): # pragma: no cover
import requests.packages.urllib3.contrib.pyopenssl # pylint: disable=import-error
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
ãããç§ã®è§£æ±ºçã§ãïŒ
pip install requests==2.6.0 easy_install --upgrade pip
CentOS7ã§ç§ã®ããã«åãã
ããããšã@ monkeyWie -
ãããç§ã®è§£æ±ºçã§ãïŒ
pip install requests==2.6.0 easy_install --upgrade pip
pip install acme
ãã®ãšã©ãŒãèŠãåŸãCentos7ã§åäœããŸãã
ãšã©ãŒïŒcertbot1.0.0ã«ã¯acme> = 0.40.0ãå¿ èŠã§ãããããã¯ã€ã³ã¹ããŒã«ãããŠããŸããã
PS Centosããã±ãŒãžã§ã¯ãªããpipãããã¹ãŠãã€ã³ã¹ããŒã«ããŸããå€ãå ŽåããããŸãã
EPELãªããžããªã䜿çšããŠcertbotãè¿œå ããCentos7.6ãã¯ãªãŒã³ã€ã³ã¹ããŒã«ãããšçºçããããšã確èªã§ããŸãã
æ®å¿µãªãããDockerãVPSã§ã¯åçŸã§ããŸããã
誰ããDockerã®ãããªç°¡åã«åçŸã§ãããã®ã§ãããåçŸããã®ãèŠããã®ã§ããããããŸã§ã®éã誰ããåé¡ã«ã¶ã€ãã£ãå Žåã次ã®ã³ãã³ãã®åºåã¯äœã§ããïŒ
python -c 'import certbot, requests, urllib3, OpenSSL; print("certbot :", certbot.__version__); print("requests: ", requests.__version__); print("urllib3 :", urllib3.__version__); print("OpenSSL :", OpenSSL.__version__)' ls /usr/lib/python2.7/site-packages/urllib3/contrib
@bmwç§ã®çµæã¯æ¬¡ã®ãšããã§ãã
('certbot :', '1.0.0')
('requests: ', '2.6.0')
('urllib3 :', '1.25.7')
('OpenSSL :', '0.13.1')
_appengine_environ.py appengine.py __init__.py ntlmpool.py pyopenssl.py _securetransport securetransport.pyc socks.pyc
_appengine_environ.pyc appengine.pyc __init__.pyc ntlmpool.pyc pyopenssl.pyc securetransport.py socks.py
ããã¯ç§ã«ã¯å€§äžå€«ã®ããã§ãã ãããããããã®ä»ã®ãã¹ãã¯å€±æããŠããããã§ãã
$ python -c 'import requests; requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()'
Traceback (most recent call last):
File "<string>", line 1, in <module>
AttributeError: 'module' object has no attribute 'packages'
$ python -c 'import urllib3.contrib.pyopenssl; urllib3.contrib.pyopenssl.inject_into_urllib3()'
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 118, in inject_into_urllib3
_validate_dependencies_met()
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 160, in _validate_dependencies_met
"'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
RHEL 7ããŒã¹ã®ã·ã¹ãã ã«ããã±ãŒãžåãããŠããurllib3
ã®ããŒãžã§ã³ã¯1.10.2ã§ããã1.25.7ããããŸãã ããã¯ããããpip
ä»ããŠã€ã³ã¹ããŒã«ãããŸããã urllib3
ãåé€ãã yum
ãä»ããŠåã€ã³ã¹ããŒã«ãããšããã®åé¡ã解決ããã¯ãã§ãã
ããã«ã€ããŠããã«ãµããŒããå¿ èŠãªå Žåã¯ã httpsïŒ //community.letsencrypt.orgã«æçš¿ããããšããå§ãã
JFYIã åãåé¡ãçºçããŸãããã pip
/ pip2
ãŸãã¯pipããã±ãŒãžãæåã§ã€ã³ã¹ããŒã«ããŠããŸããã
ç§ã®å Žåã centos-release-opstools
ãããpython2-urllib3 1.21.1-1.el7 and
python2-requests2.19.1-4.el7`ãçºçããŸããã
ãã®ãªããžããªãç¡å¹ã«ããŠé¢é£ããããã±ãŒãžãåã€ã³ã¹ããŒã«ããåŸïŒCentOS 7.7ã§ã¯python-urllib3 1.10.2-7.el7
ãšpython-requests 2.6.0-8.el7_7
ååãå€æŽãããŸããïŒãåé¡ã¯è§£æ¶ãããŸããã
@grossws ãæ å ±ãããããšãã ãšã©ãŒã¡ãã»ãŒãžãäœã§ãã£ããèŠããŠããŸããïŒ
ãã®ã»ããã¢ãããåäœæããããšãããšãCertbotã次ã®ããã«ã¯ã©ãã·ã¥ããŸãã
# certbot --help
Traceback (most recent call last):
File "/usr/bin/certbot", line 5, in <module>
from pkg_resources import load_entry_point
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 3011, in <module>
parse_requirements(__requires__), Environment()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 630, in resolve
raise VersionConflict(dist,req) # XXX put more info here
pkg_resources.VersionConflict: (cryptography 1.7.2 (/usr/lib64/python2.7/site-packages), Requirement.parse('cryptography>=1.9'))
ããã¯ã python2-pyOpenSSL 17.3.0-3.el7
ããã±ãŒãžãpython-cryptography >= 1.3.0
å¿
èŠãšãããšäž»åŒµããŠããããPythonã§cryptography>=1.9
ã§ãããã€ã³ã¹ããŒã«ãããŠããªãããã§ãã
@ bmw ã httpsïŒ //github.com/certbot/certbot/issues/6328#issuecomment-482531925ã«ãããã®ãšåæ§ã®ã¹ã¿ãã¯ãã¬ãŒã¹ããããŸãã
epel-release
+ centos-release-opstools
ã ãã®ã³ã³ããã§åçŸããããšããŸãããã cryptography
ã«ã€ããŠåãããŒãžã§ã³ã®ç«¶åãçºçããŸããã ãšã©ãŒãçºçããå
ã®ã·ã¹ãã ã調ã¹ããšããã centos-release-ovirt42
ãªããžããªããæ°ããpython2-cryptography
ãããããšãããããŸããã
ãããã£ãŠãåçŸããã«ã¯ã centos:7
ã䜿çšããŠDockerã³ã³ãããå®è¡ããŸãã
yum install -y epel-release centos-release-opstools centos-release-ovirt42
yum install -y certbot
certbot --help`
ããã¯æ¥œãããã®ã§ãïŒããªãã®æ¥œãã¿ã®å®çŸ©ã«äŸåããŸãïŒã
centos:7
Dockerã€ã¡ãŒãžã§ã以äžãå®è¡ããå ŽåïŒ
yum install -y epel-release centos-release-opstools centos-release-ovirt42
yum install -y python-requests-toolbelt python2-urllib3
python -c 'import urllib3.contrib.pyopenssl; urllib3.contrib.pyopenssl.inject_into_urllib3()'
python -c 'from requests_toolbelt.adapters.source import SourceAddressAdapter; import urllib3.contrib.pyopenssl; urllib3.contrib.pyopenssl.inject_into_urllib3()'
æåã®Pythonã³ãã³ãã¯æåãã2çªç®ã®ã³ãã³ãã¯å€±æããŸãã å¯äžã®éãã¯from requests_toolbelt.adapters.source import SourceAddressAdapter
ã€ã³ããŒãã§ãã
ä»åŸæ°ãæ以å ã«Python2ã®ãµããŒããçµäºããäºå®ã§ããããã®æç¹ã§ãã®ã³ãŒããåé€ããäºå®ã§ãã ãã®ãããCertbotã管çããŠããå°ããªããŒã ã¯ãããããèªåãã¡ã§ããã«å€ãã®æéãè²»ããããšã¯ãªãã§ããããã誰ãããããæãäžãããå Žåã¯ããã®åé¡ã®åå ãããã±ãŒãžç®¡çè ã«å ±åããŠããããšãããšæããŸãã ã
ãšããããåéããŸãã
äœããã®åœ¢ã®è æã®ä»®å®ã¯æ£ãããšæããŸãã python2 pipãã€ã³ã¹ããŒã«ãããŠããªãã£ãã®ã§ãäœãå£ããã®ãããããŸããã ããããããã¯ç©äºãæŽçããŸããïŒ
yum remove python-urllib3
rm -rf /usr/lib/python2.7/site-packages/urllib3 # yes, you need this too
yum reinstall $(yum list installed | grep python | grep -v python3 | awk '{print $1}')
yum install python-urllib3
yum install certbot
ããã誰ããå©ããããšãé¡ã£ãŠããŸãã
ããã¯ç§ã®ç°å¢ã§æ©èœããŸããïŒäžèšã®@bmwãšããŠpipããã¢ããã°ã¬ãŒããããurllib3ã䜿çšããcentos 7 ..ç§ã®ãpipãã³ãã³ãããšã©ãŒãè¿ããŠãããããåã€ã³ã¹ããŒã«ãå¿ èŠã§ããïŒïŒ
sudo yum install -y python2-pip
sudo pip uninstall urllib3
sudo yum install -y python-urllib3
ããã§ã®Fedora / CentOSã®ã®certbotã¡ã³ããïŒã«ã¢ãžã¥ãŒã«ãã€ã³ã¹ããŒã«ããªãã§ãã ããããŠãã ãã/usr/lib
䜿çšããŠpip
ã äžéšã®CentOSããã±ãŒãžã¯ãæ¢åã®ã³ãŒããè€è£œããããã»ãã¥ãªãã£èšå®ã匷åãããããªãããã«å€æŽãããŠããŸãã ãã£ã¹ããããã±ãŒãžã£ãŒã¯ãå¿
èŠãªãã¹ãŠã®ããã±ãŒãžãã€ã³ã¹ããŒã«ãããŠããããšã確èªããå¿
èŠããããŸãã
次ã®ã³ãã³ãã䜿çšããŠãã¢ã³ãããŒãžPythonããã±ãŒãžã®ã€ã³ã¹ããŒã«ã確èªã§ããŸãã
LANG=C rpm -qf /usr/lib/python2.7/site-packages/* | grep 'is not owned by any package'
åºåã¯åŸãããªãã¯ãã§ãã
ãŸããä»ã®yumãªããžããªãè¿œå ãããšåé¡ãçºçããå¯èœæ§ããããŸãã Fedora EPELã¯ãRed Hat / CentOSã®ããŒã¹ãªããžããªã§100ïŒ åäœããã¯ãã§ãããä»ã®ãªããžããªãèæ ®ã«å ¥ããããšã¯ã§ããŸããã
ããã©ã«ãã®CentOSãªããžããªïŒ+ EPELïŒãæå¹ã«ããŠããã ãã§ãã¯ã©ãã·ã¥ããå Žåã¯ããç¥ãããã ããã æåã®æ¹æ³ã¯Bugzillaã®åé¡ã
@FelixSchwarz ã centos-release-opstools
ãããªCentOS SIGãªããžããªããã±ãŒãžfluentd
ã¯opstools
ã®ã¿å©çšå¯èœã§ãïŒ
å Žåã«ãã£ãŠã¯ã python3 -mvenv /path/to/new/venv
ã䜿çšããŠä»®æ³ç°å¢ãäœæããããã«å¿
èŠãªãœãããŠã§ã¢ãã€ã³ã¹ããŒã«ãçµãããšããã§ãïŒããšãã°ã certbot
+å¿
èŠãªDNSããªãã¡ã€ã¢ïŒã ãããããããšã«ãããã¯/usr/lib
æ±æããŸããã
@grossws Fedora EPELã¯ãRHEL Baseã®ãã¹ãŠã§åäœããã¯ãã§ãïŒãããã£ãŠã競åãåŒãèµ·ããä»ã®éå±€åãããRed Hat補åãååšããå¯èœæ§ããããŸãïŒã ãããã®ãªããžããªãRHEL / EPELãšåããã®ãåºè·ããªãããã«éåžžã«æ³šæããªãéããä»ã®ãã¹ãŠã®ãœãŒã¹ã¯äºææ§ããªãå¯èœæ§ããããŸãã
ç§ã¯centos-opstoolsã®ãªããžããªããã§ãã¯ããFedoraEPELãšã®ããã€ãã®ç«¶åã«æ°ã¥ããŸããã
0.5.6-5.el7
ãopstools 0.4.6-3.el7
ïŒ certbot
ã¯é¢ä¿ãããŸããããFedora / EPELã§ã管çããŠããborgbackupã«ã¯é¢ä¿ãããŸããã2.6.0-0.el7
ãopstools 2.19.1-4.el7
1.10.2-7.el7
ïŒ python-urllib3
ïŒãopstools 1.21.1-1.el7
2.4-1.el7
ãopstools 2.5-1.el7
ïŒ python2-idna
ïŒãåºè·ããŸãããã¯ã centos-opstools
ãªããžããªãEPELã®certbot
ããã±ãŒãžã§æ©èœããªããšããæå³ã§ã¯ãããŸããããããã€ãã®ç«¶åããããããã¯ééããªããã¹ããããŠããªãæ§æã§ãã ãŸãã centos-opstools
ã¯RHELããŒã¹ã®ããã±ãŒãžã眮ãæããŸããããã¯ãã¡ã€ã³ãã£ã¹ããªãã¥ãŒã·ã§ã³ã®å€ãã®ãã®ãå£ãå¯èœæ§ããããããç¹ã«æ³šæããå¿
èŠãããããšãæå³ããŸãã
tl; drïŒEPELã®certbotããã±ãŒãžã䜿çšããå Žåãä»ã®yum / dnfãªããžããªã¯äºææ§ããªãå¯èœæ§ãããããã䜿çšããªãã§ãã ããã RHELããŒã¹ããã³FedoraEPELãšã®äºææ§ã«ã€ããŠã¬ããããã€ããŒã«åãåãããŠãã ããã
ãŸããFedora EPELã«è²¢ç®ããããšã¯ããã»ã©é£ãããªãããšãããã£ãã®ã§ãããã±ãŒãžãäžè¶³ããŠããå Žåã¯ãããã±ãŒãžã¡ã³ãããŒã«ãªãããšãæ€èšããŠãã ããïŒã¬ã€ãã³ã¹ãå¿ èŠãªå Žåã¯pingããŠãã ããïŒã
äœããã®åœ¢ã®è æã®ä»®å®ã¯æ£ãããšæããŸãã python2 pipãã€ã³ã¹ããŒã«ãããŠããªãã£ãã®ã§ãäœãå£ããã®ãããããŸããã ããããããã¯ç©äºãæŽçããŸããïŒ
yum remove python-urllib3 rm -rf /usr/lib/python2.7/site-packages/urllib3 # yes, you need this too yum reinstall $(yum list installed | grep python | grep -v python3 | awk '{print $1}') yum install python-urllib3 yum install certbot
ããã誰ããå©ããããšãé¡ã£ãŠããŸãã
ããã¯ç§ã®å Žåã«åœ¹ç«ã¡ãŸããïŒãã®ãããã¯ã®ä»ã®è§£æ±ºçã¯åœ¹ã«ç«ã¡ãŸããã§ããïŒã ããããšãããããŸããã
æãåèã«ãªãã³ã¡ã³ã
ãããç§ã®è§£æ±ºçã§ãïŒ