Jack Moore

Email: jack(at)jmoore53.com

EC2 - No Module Named Cryptography

09 Oct 2019 » AWS, website, production

The error shows up like this, from the top rope, when attempting to install Certbot certs for my HTTPS sites on my EC2 image:

Requesting to rerun /opt/letsencrypt/certbot-auto with root privileges...
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography

I have seen this before, which is what really gets me.

Certbot Up

After getting certbot up with this hotfix on AWS Linux, I was able to run the certbot-auto command.

# rm -rf /opt/eff.org/*
# sudo /usr/bin/local/pip install -U certbot

After running ./certbot-auto --debug I had to ^C out of there because my site wasn’t listed for a renewal. Great. I realized I hadn’t linked the site in /etc/nginx/sites-available to /etc/nginx/sites-enabled, so certbot wasn’t picking up on my available site.

For the life of me, I truly can never remember the command to symbolically link (symlink) sites-available to sites-enabled:

ln -s /etc/nginx/sites-available/site.conf /etc/nginx/sites-enabled/site.conf
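
To catch the missing link before running certbot, the check below lists sites that exist in sites-available but are not linked into sites-enabled, plus links whose target is gone. It is an added example, not part of the original post; the function names are hypothetical and the default directories are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: find nginx sites that certbot would not pick up because
# they are not linked into sites-enabled (the situation described above).
# Function names are hypothetical; the default paths are the post's.

# Print each file in AVAILABLE that no symlink in ENABLED resolves to.
unlinked_sites() {
    local available="${1:-/etc/nginx/sites-available}"
    local enabled="${2:-/etc/nginx/sites-enabled}"
    local conf link target found
    for conf in "$available"/*; do
        [ -f "$conf" ] || continue          # skip an unmatched glob or a directory
        target="$(readlink -f "$conf")"
        found=0
        for link in "$enabled"/*; do
            [ -L "$link" ] || continue      # only symlinks count as "enabled" here
            # Compare resolved paths so a link with a different name still matches.
            if [ "$(readlink -f "$link")" = "$target" ]; then
                found=1
                break
            fi
        done
        [ "$found" -eq 1 ] || basename "$conf"
    done
}

# Print symlinks in ENABLED whose target no longer exists.
dangling_links() {
    local enabled="${1:-/etc/nginx/sites-enabled}"
    local link
    for link in "$enabled"/*; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            basename "$link"
        fi
    done
}
```

Source the file and call `unlinked_sites` with no arguments to check the default nginx directories; empty output means every available site is linked.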

Back to Certbot

I then proceeded to update the certificates without issue. From the output, I stored the location of the letsencrypt certs:

/etc/letsencrypt/live/itsltns.io/fullchain.pem
/etc/letsencrypt/live/itsltns.io/privkey.pem

These two locations would point me to my public and private keys. (As a gentle reminder: don’t share private keys!)

Let’s Encrypt SSL for Nginx in Amazon Linux AMI instance

# Install wget
yum install wget -y

# Install certbot-auto
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

# Obtain SSL certificate with Nginx plugin for the domain
sudo ./certbot-auto --nginx -d app.com --debug

# Test SSL configuration (open this URL in a browser):
# https://www.ssllabs.com/ssltest/analyze.html?d=app.com

# Configure cron job for SSL auto-renewal
sudo crontab -e

# Add below line in crontab
0 6 * * * /home/ec2-user/certbot-auto renew --text >> /home/ec2-user/certbot-cron.log