有馬総一郎のブログ

(彼氏の事情)

2020年11月01日 01:21:34 JST - 2 minute read - Linux

Ubuntu 16.04から18.04にアップグレードしたらcertbot-autoが失敗するようになった

2020年4月頃の話だが、Ubuntu 16.04から18.04にアップグレードしたらcertbot-autoが失敗するようになった

証明書を更新しようとしたら…

arimasou16@ubuntu:~/certbot$ ./certbot-auto renew --dry-run
Requesting to rerun ./certbot-auto with root privileges...
./certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/9197
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/main.py", line 6, in <mod
    import logging.handlers
  File "/usr/lib/python2.7/logging/__init__.py", line 26, in <module>
    import sys, os, time, cStringIO, traceback, warnings, weakref, collections
  File "/usr/lib/python2.7/weakref.py", line 14, in <module>
    from _weakref import (
ImportError: cannot import name _remove_dead_weakref
arimasou16@ubuntu:~/certbot$

元々git clone https://github.com/letsencrypt/letsencryptして導入して初期の頃はletsencrypt-autoだった。

Until May 2016, Certbot was named simply letsencrypt or letsencrypt-auto, depending on install method. Instructions on the Internet, and some pieces of the software, may still refer to this older name.

2016年5月まで、Certbotは、インストール方法に応じて、単にletsencryptまたはletsencrypt-autoという名前でした。インターネット上の指示、およびソフトウェアの一部は、この古い名前を参照している場合があります。

それがcertbot-autoに変わったんだよな。

解決になってないが、面倒なのでパッケージからインストールすることにした。sudo apt install certbot

arimasou16@ubuntu:~$ certbot-auto renew --dry-run
certbot-auto: コマンドが見つかりません

arimasou16@ubuntu:~$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 1.4.0 renewal configuration file found at /etc/letsencrypt/renewal/mydomain.com.conf with version 0.27.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mydomain.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mydomain.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/mydomain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

とりあえずcertbotで動くなったのでヨシ!