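A while back (about a year ago), I installed certbot via wget on Amazon Linux on EC2 and used it to install a certificate.
This time, when I tried to obtain a certificate for a different domain, I got the error below.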
$ certbot-auto
Requesting to rerun /usr/bin/certbot-auto with root privileges...
Upgrading certbot-auto 0.22.2 to 0.25.1...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
from certbot.main import main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
import josepy as jose
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
from josepy.interfaces import JSONDeSerializable
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
from josepy import errors, util
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
import OpenSSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in <module>
from OpenSSL._util import (
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding
Hmm, apparently a package called cryptography is missing...
So I ran pip:
sudo pip install cryptography
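but that did not resolve the error...
(At this point I forcibly updated pip and broke my setup, but I have left it as it is.)
I also tried
https://community.letsencrypt.org/t/renew-error-no-module-named-cryptography-hazmat-bindings-openssl-binding/52395/9
but that did not resolve it either...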
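Looking closely at the error message, it refers to a location called /opt/eff.org/certbot/venv/local/lib/python2.7.
When I checked where the normal python is, it seems to be at /usr/bin/python2.7.
So the python that certbot refers to is indeed in a different place from the normal python.
So, the location of the python that certbot uses is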
/opt/eff.org/certbot/venv/bin
There seem to be python, pip and so on here. So I ran pip here:
sudo /opt/eff.org/certbot/venv/bin/pip2.7 install cryptography
and got yet another error:
$ sudo ./pip2.7 install cryptography
Requirement already satisfied: cryptography in /opt/eff.org/certbot/venv/lib64/python2.7/site-packages (2.2.2)
Requirement already satisfied: asn1crypto>=0.21.0 in /opt/eff.org/certbot/venv/lib/python2.7/dist-packages (from cryptography) (0.22.0)
Requirement already satisfied: cffi>=1.7; platform_python_implementation != "PyPy" in /opt/eff.org/certbot/venv/lib64/python2.7/site-packages (from cryptography) (1.11.5)
Requirement already satisfied: enum34; python_version < "3" in /opt/eff.org/certbot/venv/lib/python2.7/dist-packages (from cryptography) (1.1.2)
Requirement already satisfied: six>=1.4.1 in /opt/eff.org/certbot/venv/lib/python2.7/dist-packages (from cryptography) (1.10.0)
Requirement already satisfied: idna>=2.1 in /opt/eff.org/certbot/venv/lib/python2.7/dist-packages (from cryptography) (2.5)
Requirement already satisfied: ipaddress; python_version < "3" in /opt/eff.org/certbot/venv/lib/python2.7/dist-packages (from cryptography) (1.0.16)
Requirement already satisfied: pycparser in /opt/eff.org/certbot/venv/lib/python2.7/dist-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography) (2.14)
zope-component 4.2.2 requires zope.interface>=4.1.0, which is not installed.
certbot 0.25.1 requires zope.interface, which is not installed.
certbot-apache 0.25.1 requires zope.interface, which is not installed.
certbot-nginx 0.25.1 requires zope.interface, which is not installed.
It seems something called zope.interface is also needed. I installed that too and ran certbot-auto again.
$ certbot-auto
Requesting to rerun /usr/bin/certbot-auto with root privileges...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: ******************
2: ******************
3: ******************(masked)
-------------------------------------------------------------------------------
And with that, it now works properly.
From now on, it seems better to follow Amazon's official documentation.
https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/SSL-on-an-instance.html
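
An added example, not part of the original post: a small shell helper for the check described above. It reads the interpreter from an entry point's shebang line and lists which modules that interpreter cannot import, so packages get installed into the environment the tool actually runs in. The function names are hypothetical; the paths in the usage comments are the ones from the traceback.

```shell
#!/bin/sh
# Added example: find the Python that a venv entry point really uses,
# then test imports with that interpreter instead of the system one.

# Print the interpreter named on the shebang line of an entry-point script.
# Note: "#!/usr/bin/env python" style lines are not resolved; venv entry
# points normally carry an absolute interpreter path.
entrypoint_interpreter() {
    first_line=$(head -n 1 "$1") || return 1
    case "$first_line" in
        '#!'*) ;;
        *) echo "no shebang in $1" >&2; return 1 ;;
    esac
    interp=${first_line#'#!'}
    # Drop any spaces between "#!" and the path.
    interp=${interp#"${interp%%[! ]*}"}
    # Keep only the first word (ignore interpreter arguments).
    printf '%s\n' "${interp%% *}"
}

# Print each module that the given interpreter cannot import.
missing_modules() {
    interp=$1
    shift
    for mod in "$@"; do
        "$interp" -c "import $mod" >/dev/null 2>&1 || printf '%s\n' "$mod"
    done
}

# Usage with the paths from the traceback above:
#   py=$(entrypoint_interpreter /opt/eff.org/certbot/venv/bin/letsencrypt)
#   missing_modules "$py" cryptography.hazmat.bindings.openssl.binding zope.interface
#   ls "${py%/*}"    # the pip next to this interpreter is the one to run
```

Anything `missing_modules` prints has to be installed with the pip that sits in the same directory as the reported interpreter, not with the system `pip`.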