Error Shows up like this from the Top Rope when attempting to install Certbot Certs for my HTTPS sites on my EC2 Image:
Requesting to rerun /opt/letsencrypt/certbot-auto with root privileges... Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt: Traceback (most recent call last): File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module> from certbot.main import main File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module> import josepy as jose File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module> from josepy.interfaces import JSONDeSerializable File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module> from josepy import errors, util File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module> import OpenSSL File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module> from cryptography import x509 ImportError: No module named cryptography
I have seen this before which is what really gets me.
After gettting the certbot up with this HotFix on AWS Linux I was able to run the certbot-auto command.
# rm -rf /opt/eff.org/* # sudo /usr/bin/local/pip install -U certbot #
./certbot-auto --debug I had to
^C out of there because my site wasn’t listed for a renewal, Great.
I realized I hadn’t linked the site in
/etc/nginx/sites-enabled so certbot wasn’t picking up on my available site.
For the life of me, I truly can never remember the command to symbolically link (symlink) sites-available to sites-enabled
ln -s /etc/nginx/sites-available/site.conf /etc/nginx/sites-enabled/site.conf
Back to Certbot
I then proceeded to update the certificates without issue. From the output, I stored the location of the letsencrypt certs:
These two locations would point me to my public and private keys. (As a gentle reminder: don’t share private keys!)
Let’s Encrypt SSL for Nginx in Amazon Linux AMI instance
# Install wget yum install wget -y # Install certbot-auto wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto # Obtain SSL certificate with Nginx plugin for the domain sudo ./certbot-auto --nginx -d app.com --debug # Test SSL configuration https://www.ssllabs.com/ssltest/analyze.html?d=app.com # Configure cron job for SSL auto-renewal sudo crontab -e # Add below line in crontab 0 6 * * * /home/ec2-user/certbot-auto renew --text >> /home/ec2-user/certbot-cron.log