Jump to content

Make use of letsenycrypt (autobot) not possible because of multiple SSL installs


j.schulz
 Share

Recommended Posts

Hi,

 

i would like to use a free letsencrypt ssl certificate but it's not possible to user there certbot because there are multiple ssl version in your virtual appplicance?

Why is that the case and how can i use the certbot from letsencrypt?

 

https://letsencrypt.org/getting-started/

 

 

Regards Jens

 

 

Edited by j.schulz
Link to comment
Share on other sites

  • ESET Staff

Could you please elaborate what exactly is not possible? Is there any relevant output? Also please provide version of ERA appliance you used as one released recently introduced major changes (it is based on CentOS7, previous releases were based on CentOS6).

Link to comment
Share on other sites

Hi,

 

here is the output while trying to use certbot-auto:

Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:

         1. You have an upgrade for openssl which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of openssl of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude openssl.otherarch ... this should give you an error
            message showing the root cause of the problem.

         2. You have multiple architectures of openssl installed, but
            yum can only see an upgrade for one of those arcitectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.

         3. You have duplicate versions of openssl installed already.
            You can use "yum check" to get yum show these errors.

       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).

       Protected multilib versions: openssl-1.0.1e-48.el6_8.1.x86_64 != openssl-                                                           1.0.1e-42.el6_7.1.i686
Could not install OS dependencies. Aborting bootstrap!

Using latest ERA 6.4 but still under old Appliance presented with 6.3

 

 

Regards Jens

Edited by j.schulz
Link to comment
Share on other sites

  • ESET Staff

Could you please check OpenSSL versions using command?

rpm -qa | grep openssl

I have checked it and both x86_64 and i386 are using the same version 1.0.1e-48.el6_8.1. Maybe you did system update and update for i386 version was not available yet? Please try to update system (yum update) and check whether versions match.

Link to comment
Share on other sites

Hi,

 

Could you please check OpenSSL versions using command?

rpm -qa | grep openssl

I have checked it and both x86_64 and i386 are using the same version 1.0.1e-48.el6_8.1. Maybe you did system update and update for i386 version was not available yet? Please try to update system (yum update) and check whether versions match.

 

This is my output, i haven't updated anything, i also haven't done "yum update" yet.

[root@vs-ha-eset ~]# rpm -qa | grep openssl
openssl-1.0.1e-42.el6_7.1.x86_64
openssl-1.0.1e-42.el6_7.1.i686

Output of "yum update"

 openssl                 i686   1.0.1e-48.el6_8.1       updates           1.5 M
 openssl                 x86_64 1.0.1e-48.el6_8.1       updates           1.5 M

Should i update?

 

 

Regards Jens

Edited by j.schulz
Link to comment
Share on other sites

  • ESET Staff

Yes, try to update (please create snapshot before), seems like certbot was operating with version you are not using yet.

Link to comment
Share on other sites

Hi,

 

Yes, try to update (please create snapshot before), seems like certbot was operating with version you are not using yet.

 

i made a full update with "yum update", reboot, execution of certbot-auto:

 

This is the output:

[root@vs-ha-eset ~]# ./certbot-auto
Bootstrapping dependencies for RedHat-based OSes...
yum is /usr/bin/yum
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirror.eu.oneandone.net
 * epel: mirror.i3d.net
 * extras: ftp.plusline.de
 * updates: mirror.eu.oneandone.net
Package openssl-1.0.1e-48.el6_8.1.x86_64 already installed and latest version
Package ca-certificates-2015.2.6-65.0.1.el6_7.noarch already installed and lates                                                                                                                                                             t version
Package python-2.6.6-64.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.0.0-10.el6 will be installed
---> Package dialog.x86_64 0:1.1-9.20080819.1.el6 will be installed
---> Package gcc.x86_64 0:4.4.7-17.el6 will be installed
--> Processing Dependency: cpp = 4.4.7-17.el6 for package: gcc-4.4.7-17.el6.x86_                                                                                                                                                             64
--> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.7-17.el6.x86_6                                                                                                                                                             4
---> Package libffi-devel.x86_64 0:3.0.5-3.2.el6 will be installed
---> Package openssl-devel.x86_64 0:1.0.1e-48.el6_8.1 will be installed
--> Processing Dependency: zlib-devel for package: openssl-devel-1.0.1e-48.el6_8                                                                                                                                                             .1.x86_64
--> Processing Dependency: krb5-devel for package: openssl-devel-1.0.1e-48.el6_8                                                                                                                                                             .1.x86_64
---> Package python-devel.x86_64 0:2.6.6-64.el6 will be installed
---> Package python-pip.noarch 0:7.1.0-1.el6 will be installed
--> Processing Dependency: python-setuptools for package: python-pip-7.1.0-1.el6                                                                                                                                                             .noarch
---> Package python-tools.x86_64 0:2.6.6-64.el6 will be installed
--> Processing Dependency: tkinter = 2.6.6-64.el6 for package: python-tools-2.6.                                                                                                                                                             6-64.el6.x86_64
---> Package python-virtualenv.noarch 0:1.10.1-1.el6 will be installed
---> Package redhat-rpm-config.noarch 0:9.0.3-51.el6.centos will be installed
--> Running transaction check
---> Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed
--> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-                                                                                                                                                             1.2.el6.x86_64
--> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.                                                                                                                                                             2.el6.x86_64
---> Package cpp.x86_64 0:4.4.7-17.el6 will be installed
--> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-17.el6.x                                                                                                                                                             86_64
---> Package krb5-devel.x86_64 0:1.10.3-57.el6 will be installed
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.10.3-57.el                                                                                                                                                             6.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.10.3-57.el                                                                                                                                                             6.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.10.3-57                                                                                                                                                             .el6.x86_64
---> Package python-setuptools.noarch 0:0.6.10-3.el6 will be installed
---> Package tkinter.x86_64 0:2.6.6-64.el6 will be installed
--> Processing Dependency: libtk8.5.so()(64bit) for package: tkinter-2.6.6-64.el                                                                                                                                                             6.x86_64
--> Processing Dependency: libtcl8.5.so()(64bit) for package: tkinter-2.6.6-64.e                                                                                                                                                             l6.x86_64
--> Processing Dependency: libTix.so()(64bit) for package: tkinter-2.6.6-64.el6.                                                                                                                                                             x86_64
---> Package zlib-devel.x86_64 0:1.2.3-29.el6 will be installed
--> Running transaction check
---> Package keyutils-libs-devel.x86_64 0:1.4-5.el6 will be installed
---> Package libcom_err-devel.x86_64 0:1.41.12-22.el6 will be installed
---> Package libselinux-devel.x86_64 0:2.0.94-7.el6 will be installed
--> Processing Dependency: libsepol-devel >= 2.0.32-1 for package: libselinux-de                                                                                                                                                             vel-2.0.94-7.el6.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.0                                                                                                                                                             .94-7.el6.x86_64
---> Package mpfr.x86_64 0:2.4.1-6.el6 will be installed
---> Package ppl.x86_64 0:0.10.2-11.el6 will be installed
---> Package tcl.x86_64 1:8.5.7-6.el6 will be installed
---> Package tix.x86_64 1:8.4.3-5.el6 will be installed
---> Package tk.x86_64 1:8.5.7-5.el6 will be installed
--> Running transaction check
---> Package libsepol-devel.x86_64 0:2.0.41-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch       Version                   Repository   Size
================================================================================
Installing:
 augeas-libs             x86_64     1.0.0-10.el6              base        314 k
 dialog                  x86_64     1.1-9.20080819.1.el6      base        197 k
 gcc                     x86_64     4.4.7-17.el6              base         10 M
 libffi-devel            x86_64     3.0.5-3.2.el6             base         18 k
 openssl-devel           x86_64     1.0.1e-48.el6_8.1         updates     1.2 M
 python-devel            x86_64     2.6.6-64.el6              base        172 k
 python-pip              noarch     7.1.0-1.el6               epel        1.5 M
 python-tools            x86_64     2.6.6-64.el6              base        870 k
 python-virtualenv       noarch     1.10.1-1.el6              epel        1.3 M
 redhat-rpm-config       noarch     9.0.3-51.el6.centos       base         60 k
Installing for dependencies:
 cloog-ppl               x86_64     0.15.7-1.2.el6            base         93 k
 cpp                     x86_64     4.4.7-17.el6              base        3.7 M
 keyutils-libs-devel     x86_64     1.4-5.el6                 base         29 k
 krb5-devel              x86_64     1.10.3-57.el6             base        504 k
 libcom_err-devel        x86_64     1.41.12-22.el6            base         33 k
 libselinux-devel        x86_64     2.0.94-7.el6              base        137 k
 libsepol-devel          x86_64     2.0.41-4.el6              base         64 k
 mpfr                    x86_64     2.4.1-6.el6               base        157 k
 ppl                     x86_64     0.10.2-11.el6             base        1.3 M
 python-setuptools       noarch     0.6.10-3.el6              base        336 k
 tcl                     x86_64     1:8.5.7-6.el6             base        1.9 M
 tix                     x86_64     1:8.4.3-5.el6             base        252 k
 tk                      x86_64     1:8.5.7-5.el6             base        1.4 M
 tkinter                 x86_64     2.6.6-64.el6              base        257 k
 zlib-devel              x86_64     1.2.3-29.el6              base         44 k

Transaction Summary
================================================================================
Install      25 Package(s)

Total download size: 26 M
Installed size: 62 M
Is this ok [y/N]: y
Downloading Packages:
(1/25): augeas-libs-1.0.0-10.el6.x86_64.rpm              | 314 kB     00:00
(2/25): cloog-ppl-0.15.7-1.2.el6.x86_64.rpm              |  93 kB     00:00
(3/25): cpp-4.4.7-17.el6.x86_64.rpm                      | 3.7 MB     00:00
(4/25): dialog-1.1-9.20080819.1.el6.x86_64.rpm           | 197 kB     00:00
(5/25): gcc-4.4.7-17.el6.x86_64.rpm                      |  10 MB     00:02
(6/25): keyutils-libs-devel-1.4-5.el6.x86_64.rpm         |  29 kB     00:00
(7/25): krb5-devel-1.10.3-57.el6.x86_64.rpm              | 504 kB     00:00
(8/25): libcom_err-devel-1.41.12-22.el6.x86_64.rpm       |  33 kB     00:00
(9/25): libffi-devel-3.0.5-3.2.el6.x86_64.rpm            |  18 kB     00:00
(10/25): libselinux-devel-2.0.94-7.el6.x86_64.rpm        | 137 kB     00:00
(11/25): libsepol-devel-2.0.41-4.el6.x86_64.rpm          |  64 kB     00:00
(12/25): mpfr-2.4.1-6.el6.x86_64.rpm                     | 157 kB     00:00
(13/25): openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm      | 1.2 MB     00:00
(14/25): ppl-0.10.2-11.el6.x86_64.rpm                    | 1.3 MB     00:00
(15/25): python-devel-2.6.6-64.el6.x86_64.rpm            | 172 kB     00:00
(16/25): python-pip-7.1.0-1.el6.noarch.rpm               | 1.5 MB     00:00
(17/25): python-setuptools-0.6.10-3.el6.noarch.rpm       | 336 kB     00:00
(18/25): python-tools-2.6.6-64.el6.x86_64.rpm            | 870 kB     00:00
(19/25): python-virtualenv-1.10.1-1.el6.noarch.rpm       | 1.3 MB     00:00
(20/25): redhat-rpm-config-9.0.3-51.el6.centos.noarch.rp |  60 kB     00:00
(21/25): tcl-8.5.7-6.el6.x86_64.rpm                      | 1.9 MB     00:00
(22/25): tix-8.4.3-5.el6.x86_64.rpm                      | 252 kB     00:00
(23/25): tk-8.5.7-5.el6.x86_64.rpm                       | 1.4 MB     00:00
(24/25): tkinter-2.6.6-64.el6.x86_64.rpm                 | 257 kB     00:00
(25/25): zlib-devel-1.2.3-29.el6.x86_64.rpm              |  44 kB     00:00
--------------------------------------------------------------------------------
Total                                           4.4 MB/s |  26 MB     00:05
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:tcl-8.5.7-6.el6.x86_64                                    1/25
  Installing : 1:tk-8.5.7-5.el6.x86_64                                     2/25
  Installing : python-setuptools-0.6.10-3.el6.noarch                       3/25
  Installing : 1:tix-8.4.3-5.el6.x86_64                                    4/25
  Installing : tkinter-2.6.6-64.el6.x86_64                                 5/25
  Installing : libsepol-devel-2.0.41-4.el6.x86_64                          6/25
  Installing : libselinux-devel-2.0.94-7.el6.x86_64                        7/25
  Installing : python-devel-2.6.6-64.el6.x86_64                            8/25
  Installing : ppl-0.10.2-11.el6.x86_64                                    9/25
  Installing : cloog-ppl-0.15.7-1.2.el6.x86_64                            10/25
  Installing : zlib-devel-1.2.3-29.el6.x86_64                             11/25
  Installing : mpfr-2.4.1-6.el6.x86_64                                    12/25
  Installing : cpp-4.4.7-17.el6.x86_64                                    13/25
  Installing : libcom_err-devel-1.41.12-22.el6.x86_64                     14/25
  Installing : keyutils-libs-devel-1.4-5.el6.x86_64                       15/25
  Installing : krb5-devel-1.10.3-57.el6.x86_64                            16/25
  Installing : openssl-devel-1.0.1e-48.el6_8.1.x86_64                     17/25
  Installing : gcc-4.4.7-17.el6.x86_64                                    18/25
  Installing : python-virtualenv-1.10.1-1.el6.noarch                      19/25
  Installing : python-tools-2.6.6-64.el6.x86_64                           20/25
  Installing : python-pip-7.1.0-1.el6.noarch                              21/25
  Installing : augeas-libs-1.0.0-10.el6.x86_64                            22/25
  Installing : dialog-1.1-9.20080819.1.el6.x86_64                         23/25
  Installing : redhat-rpm-config-9.0.3-51.el6.centos.noarch               24/25
  Installing : libffi-devel-3.0.5-3.2.el6.x86_64                          25/25
  Verifying  : libffi-devel-3.0.5-3.2.el6.x86_64                           1/25
  Verifying  : 1:tcl-8.5.7-6.el6.x86_64                                    2/25
  Verifying  : openssl-devel-1.0.1e-48.el6_8.1.x86_64                      3/25
  Verifying  : 1:tix-8.4.3-5.el6.x86_64                                    4/25
  Verifying  : cpp-4.4.7-17.el6.x86_64                                     5/25
  Verifying  : python-pip-7.1.0-1.el6.noarch                               6/25
  Verifying  : keyutils-libs-devel-1.4-5.el6.x86_64                        7/25
  Verifying  : libcom_err-devel-1.41.12-22.el6.x86_64                      8/25
  Verifying  : mpfr-2.4.1-6.el6.x86_64                                     9/25
  Verifying  : redhat-rpm-config-9.0.3-51.el6.centos.noarch               10/25
  Verifying  : dialog-1.1-9.20080819.1.el6.x86_64                         11/25
  Verifying  : zlib-devel-1.2.3-29.el6.x86_64                             12/25
  Verifying  : krb5-devel-1.10.3-57.el6.x86_64                            13/25
  Verifying  : cloog-ppl-0.15.7-1.2.el6.x86_64                            14/25
  Verifying  : python-tools-2.6.6-64.el6.x86_64                           15/25
  Verifying  : augeas-libs-1.0.0-10.el6.x86_64                            16/25
  Verifying  : python-setuptools-0.6.10-3.el6.noarch                      17/25
  Verifying  : ppl-0.10.2-11.el6.x86_64                                   18/25
  Verifying  : python-devel-2.6.6-64.el6.x86_64                           19/25
  Verifying  : libsepol-devel-2.0.41-4.el6.x86_64                         20/25
  Verifying  : python-virtualenv-1.10.1-1.el6.noarch                      21/25
  Verifying  : gcc-4.4.7-17.el6.x86_64                                    22/25
  Verifying  : libselinux-devel-2.0.94-7.el6.x86_64                       23/25
  Verifying  : 1:tk-8.5.7-5.el6.x86_64                                    24/25
  Verifying  : tkinter-2.6.6-64.el6.x86_64                                25/25

Installed:
  augeas-libs.x86_64 0:1.0.0-10.el6
  dialog.x86_64 0:1.1-9.20080819.1.el6
  gcc.x86_64 0:4.4.7-17.el6
  libffi-devel.x86_64 0:3.0.5-3.2.el6
  openssl-devel.x86_64 0:1.0.1e-48.el6_8.1
  python-devel.x86_64 0:2.6.6-64.el6
  python-pip.noarch 0:7.1.0-1.el6
  python-tools.x86_64 0:2.6.6-64.el6
  python-virtualenv.noarch 0:1.10.1-1.el6
  redhat-rpm-config.noarch 0:9.0.3-51.el6.centos

Dependency Installed:
  cloog-ppl.x86_64 0:0.15.7-1.2.el6
  cpp.x86_64 0:4.4.7-17.el6
  keyutils-libs-devel.x86_64 0:1.4-5.el6
  krb5-devel.x86_64 0:1.10.3-57.el6
  libcom_err-devel.x86_64 0:1.41.12-22.el6
  libselinux-devel.x86_64 0:2.0.94-7.el6
  libsepol-devel.x86_64 0:2.0.41-4.el6
  mpfr.x86_64 0:2.4.1-6.el6
  ppl.x86_64 0:0.10.2-11.el6
  python-setuptools.noarch 0:0.6.10-3.el6
  tcl.x86_64 1:8.5.7-6.el6
  tix.x86_64 1:8.4.3-5.el6
  tk.x86_64 1:8.5.7-5.el6
  tkinter.x86_64 0:2.6.6-64.el6
  zlib-devel.x86_64 0:1.2.3-29.el6

Complete!
Creating virtual environment...
Installing Python packages...
Installation succeeded.
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26:
DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python.
A future version of cryptography will drop support for Python 2.6 
DeprecationWarning
Version: 1.1-20080819
Version: 1.1-20080819
/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py:496:
DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
return e.message
No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually

Regards Jens

Edited by j.schulz
Link to comment
Share on other sites

  • ESET Staff

Based on output:

No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually

it seems procedure you used is not supported on CentOS 6 which was used as base operating system for ERA Virtual Appliance until ERA 6.4 release which introduced new appliance based on CentOS 7. We have no experience with letsencrypt, but I would suggest to test whether it works on new ERA 6.4 appliance (newly deployed). Once you are sure it works, try to migrate your currently deployed appliance to new one.

In case migrating to new appliance is not possible, there seems to be way how to manually install letsencrypt certificate, but you will have to consult exact steps with certificate provider.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...