j.schulz 0 Posted July 23, 2016 Share Posted July 23, 2016 (edited) Hi, i would like to use a free letsencrypt ssl certificate but it's not possible to user there certbot because there are multiple ssl version in your virtual appplicance? Why is that the case and how can i use the certbot from letsencrypt? https://letsencrypt.org/getting-started/ Regards Jens Edited July 23, 2016 by j.schulz Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted July 23, 2016 ESET Staff Share Posted July 23, 2016 Could you please elaborate what exactly is not possible? Is there any relevant output? Also please provide version of ERA appliance you used as one released recently introduced major changes (it is based on CentOS7, previous releases were based on CentOS6). Link to comment Share on other sites More sharing options...
j.schulz 0 Posted July 24, 2016 Author Share Posted July 24, 2016 (edited) Hi, here is the output while trying to use certbot-auto: Error: Multilib version problems found. This often means that the root cause is something else and multilib version checking is just pointing out that there is a problem. Eg.: 1. You have an upgrade for openssl which is missing some dependency that another package requires. Yum is trying to solve this by installing an older version of openssl of the different architecture. If you exclude the bad architecture yum will tell you what the root cause is (which package requires what). You can try redoing the upgrade with --exclude openssl.otherarch ... this should give you an error message showing the root cause of the problem. 2. You have multiple architectures of openssl installed, but yum can only see an upgrade for one of those arcitectures. If you don't want/need both architectures anymore then you can remove the one with the missing update and everything will work. 3. You have duplicate versions of openssl installed already. You can use "yum check" to get yum show these errors. ...you can also use --setopt=protected_multilib=false to remove this checking, however this is almost never the correct thing to do as something else is very likely to go wrong (often causing much more problems). Protected multilib versions: openssl-1.0.1e-48.el6_8.1.x86_64 != openssl- 1.0.1e-42.el6_7.1.i686 Could not install OS dependencies. Aborting bootstrap! Using latest ERA 6.4 but still under old Appliance presented with 6.3 Regards Jens Edited July 24, 2016 by j.schulz Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted July 25, 2016 ESET Staff Share Posted July 25, 2016 Could you please check OpenSSL versions using command? rpm -qa | grep openssl I have checked it and both x86_64 and i386 are using the same version 1.0.1e-48.el6_8.1. Maybe you did system update and update for i386 version was not available yet? Please try to update system (yum update) and check whether versions match. Link to comment Share on other sites More sharing options...
j.schulz 0 Posted July 25, 2016 Author Share Posted July 25, 2016 (edited) Hi, Could you please check OpenSSL versions using command? rpm -qa | grep openssl I have checked it and both x86_64 and i386 are using the same version 1.0.1e-48.el6_8.1. Maybe you did system update and update for i386 version was not available yet? Please try to update system (yum update) and check whether versions match. This is my output, i haven't updated anything, i also haven't done "yum update" yet. [root@vs-ha-eset ~]# rpm -qa | grep openssl openssl-1.0.1e-42.el6_7.1.x86_64 openssl-1.0.1e-42.el6_7.1.i686 Output of "yum update" openssl i686 1.0.1e-48.el6_8.1 updates 1.5 M openssl x86_64 1.0.1e-48.el6_8.1 updates 1.5 M Should i update? Regards Jens Edited July 25, 2016 by j.schulz Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted July 25, 2016 ESET Staff Share Posted July 25, 2016 Yes, try to update (please create snapshot before), seems like certbot was operating with version you are not using yet. Link to comment Share on other sites More sharing options...
j.schulz 0 Posted July 25, 2016 Author Share Posted July 25, 2016 (edited) Hi, Yes, try to update (please create snapshot before), seems like certbot was operating with version you are not using yet. i made a full update with "yum update", reboot, execution of certbot-auto: This is the output: [root@vs-ha-eset ~]# ./certbot-auto Bootstrapping dependencies for RedHat-based OSes... yum is /usr/bin/yum Loaded plugins: fastestmirror Setting up Install Process Loading mirror speeds from cached hostfile * base: mirror.eu.oneandone.net * epel: mirror.i3d.net * extras: ftp.plusline.de * updates: mirror.eu.oneandone.net Package openssl-1.0.1e-48.el6_8.1.x86_64 already installed and latest version Package ca-certificates-2015.2.6-65.0.1.el6_7.noarch already installed and lates t version Package python-2.6.6-64.el6.x86_64 already installed and latest version Resolving Dependencies --> Running transaction check ---> Package augeas-libs.x86_64 0:1.0.0-10.el6 will be installed ---> Package dialog.x86_64 0:1.1-9.20080819.1.el6 will be installed ---> Package gcc.x86_64 0:4.4.7-17.el6 will be installed --> Processing Dependency: cpp = 4.4.7-17.el6 for package: gcc-4.4.7-17.el6.x86_ 64 --> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.7-17.el6.x86_6 4 ---> Package libffi-devel.x86_64 0:3.0.5-3.2.el6 will be installed ---> Package openssl-devel.x86_64 0:1.0.1e-48.el6_8.1 will be installed --> Processing Dependency: zlib-devel for package: openssl-devel-1.0.1e-48.el6_8 .1.x86_64 --> Processing Dependency: krb5-devel for package: openssl-devel-1.0.1e-48.el6_8 .1.x86_64 ---> Package python-devel.x86_64 0:2.6.6-64.el6 will be installed ---> Package python-pip.noarch 0:7.1.0-1.el6 will be installed --> Processing Dependency: python-setuptools for package: python-pip-7.1.0-1.el6 .noarch ---> Package python-tools.x86_64 0:2.6.6-64.el6 will be installed --> Processing Dependency: tkinter = 2.6.6-64.el6 for package: python-tools-2.6. 6-64.el6.x86_64 ---> Package python-virtualenv.noarch 0:1.10.1-1.el6 will be installed ---> Package redhat-rpm-config.noarch 0:9.0.3-51.el6.centos will be installed --> Running transaction check ---> Package cloog-ppl.x86_64 0:0.15.7-1.2.el6 will be installed --> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7- 1.2.el6.x86_64 --> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1. 2.el6.x86_64 ---> Package cpp.x86_64 0:4.4.7-17.el6 will be installed --> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.7-17.el6.x 86_64 ---> Package krb5-devel.x86_64 0:1.10.3-57.el6 will be installed --> Processing Dependency: libselinux-devel for package: krb5-devel-1.10.3-57.el 6.x86_64 --> Processing Dependency: libcom_err-devel for package: krb5-devel-1.10.3-57.el 6.x86_64 --> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.10.3-57 .el6.x86_64 ---> Package python-setuptools.noarch 0:0.6.10-3.el6 will be installed ---> Package tkinter.x86_64 0:2.6.6-64.el6 will be installed --> Processing Dependency: libtk8.5.so()(64bit) for package: tkinter-2.6.6-64.el 6.x86_64 --> Processing Dependency: libtcl8.5.so()(64bit) for package: tkinter-2.6.6-64.e l6.x86_64 --> Processing Dependency: libTix.so()(64bit) for package: tkinter-2.6.6-64.el6. x86_64 ---> Package zlib-devel.x86_64 0:1.2.3-29.el6 will be installed --> Running transaction check ---> Package keyutils-libs-devel.x86_64 0:1.4-5.el6 will be installed ---> Package libcom_err-devel.x86_64 0:1.41.12-22.el6 will be installed ---> Package libselinux-devel.x86_64 0:2.0.94-7.el6 will be installed --> Processing Dependency: libsepol-devel >= 2.0.32-1 for package: libselinux-de vel-2.0.94-7.el6.x86_64 --> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.0 .94-7.el6.x86_64 ---> Package mpfr.x86_64 0:2.4.1-6.el6 will be installed ---> Package ppl.x86_64 0:0.10.2-11.el6 will be installed ---> Package tcl.x86_64 1:8.5.7-6.el6 will be installed ---> Package tix.x86_64 1:8.4.3-5.el6 will be installed ---> Package tk.x86_64 1:8.5.7-5.el6 will be installed --> Running transaction check ---> Package libsepol-devel.x86_64 0:2.0.41-4.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: augeas-libs x86_64 1.0.0-10.el6 base 314 k dialog x86_64 1.1-9.20080819.1.el6 base 197 k gcc x86_64 4.4.7-17.el6 base 10 M libffi-devel x86_64 3.0.5-3.2.el6 base 18 k openssl-devel x86_64 1.0.1e-48.el6_8.1 updates 1.2 M python-devel x86_64 2.6.6-64.el6 base 172 k python-pip noarch 7.1.0-1.el6 epel 1.5 M python-tools x86_64 2.6.6-64.el6 base 870 k python-virtualenv noarch 1.10.1-1.el6 epel 1.3 M redhat-rpm-config noarch 9.0.3-51.el6.centos base 60 k Installing for dependencies: cloog-ppl x86_64 0.15.7-1.2.el6 base 93 k cpp x86_64 4.4.7-17.el6 base 3.7 M keyutils-libs-devel x86_64 1.4-5.el6 base 29 k krb5-devel x86_64 1.10.3-57.el6 base 504 k libcom_err-devel x86_64 1.41.12-22.el6 base 33 k libselinux-devel x86_64 2.0.94-7.el6 base 137 k libsepol-devel x86_64 2.0.41-4.el6 base 64 k mpfr x86_64 2.4.1-6.el6 base 157 k ppl x86_64 0.10.2-11.el6 base 1.3 M python-setuptools noarch 0.6.10-3.el6 base 336 k tcl x86_64 1:8.5.7-6.el6 base 1.9 M tix x86_64 1:8.4.3-5.el6 base 252 k tk x86_64 1:8.5.7-5.el6 base 1.4 M tkinter x86_64 2.6.6-64.el6 base 257 k zlib-devel x86_64 1.2.3-29.el6 base 44 k Transaction Summary ================================================================================ Install 25 Package(s) Total download size: 26 M Installed size: 62 M Is this ok [y/N]: y Downloading Packages: (1/25): augeas-libs-1.0.0-10.el6.x86_64.rpm | 314 kB 00:00 (2/25): cloog-ppl-0.15.7-1.2.el6.x86_64.rpm | 93 kB 00:00 (3/25): cpp-4.4.7-17.el6.x86_64.rpm | 3.7 MB 00:00 (4/25): dialog-1.1-9.20080819.1.el6.x86_64.rpm | 197 kB 00:00 (5/25): gcc-4.4.7-17.el6.x86_64.rpm | 10 MB 00:02 (6/25): keyutils-libs-devel-1.4-5.el6.x86_64.rpm | 29 kB 00:00 (7/25): krb5-devel-1.10.3-57.el6.x86_64.rpm | 504 kB 00:00 (8/25): libcom_err-devel-1.41.12-22.el6.x86_64.rpm | 33 kB 00:00 (9/25): libffi-devel-3.0.5-3.2.el6.x86_64.rpm | 18 kB 00:00 (10/25): libselinux-devel-2.0.94-7.el6.x86_64.rpm | 137 kB 00:00 (11/25): libsepol-devel-2.0.41-4.el6.x86_64.rpm | 64 kB 00:00 (12/25): mpfr-2.4.1-6.el6.x86_64.rpm | 157 kB 00:00 (13/25): openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm | 1.2 MB 00:00 (14/25): ppl-0.10.2-11.el6.x86_64.rpm | 1.3 MB 00:00 (15/25): python-devel-2.6.6-64.el6.x86_64.rpm | 172 kB 00:00 (16/25): python-pip-7.1.0-1.el6.noarch.rpm | 1.5 MB 00:00 (17/25): python-setuptools-0.6.10-3.el6.noarch.rpm | 336 kB 00:00 (18/25): python-tools-2.6.6-64.el6.x86_64.rpm | 870 kB 00:00 (19/25): python-virtualenv-1.10.1-1.el6.noarch.rpm | 1.3 MB 00:00 (20/25): redhat-rpm-config-9.0.3-51.el6.centos.noarch.rp | 60 kB 00:00 (21/25): tcl-8.5.7-6.el6.x86_64.rpm | 1.9 MB 00:00 (22/25): tix-8.4.3-5.el6.x86_64.rpm | 252 kB 00:00 (23/25): tk-8.5.7-5.el6.x86_64.rpm | 1.4 MB 00:00 (24/25): tkinter-2.6.6-64.el6.x86_64.rpm | 257 kB 00:00 (25/25): zlib-devel-1.2.3-29.el6.x86_64.rpm | 44 kB 00:00 -------------------------------------------------------------------------------- Total 4.4 MB/s | 26 MB 00:05 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : 1:tcl-8.5.7-6.el6.x86_64 1/25 Installing : 1:tk-8.5.7-5.el6.x86_64 2/25 Installing : python-setuptools-0.6.10-3.el6.noarch 3/25 Installing : 1:tix-8.4.3-5.el6.x86_64 4/25 Installing : tkinter-2.6.6-64.el6.x86_64 5/25 Installing : libsepol-devel-2.0.41-4.el6.x86_64 6/25 Installing : libselinux-devel-2.0.94-7.el6.x86_64 7/25 Installing : python-devel-2.6.6-64.el6.x86_64 8/25 Installing : ppl-0.10.2-11.el6.x86_64 9/25 Installing : cloog-ppl-0.15.7-1.2.el6.x86_64 10/25 Installing : zlib-devel-1.2.3-29.el6.x86_64 11/25 Installing : mpfr-2.4.1-6.el6.x86_64 12/25 Installing : cpp-4.4.7-17.el6.x86_64 13/25 Installing : libcom_err-devel-1.41.12-22.el6.x86_64 14/25 Installing : keyutils-libs-devel-1.4-5.el6.x86_64 15/25 Installing : krb5-devel-1.10.3-57.el6.x86_64 16/25 Installing : openssl-devel-1.0.1e-48.el6_8.1.x86_64 17/25 Installing : gcc-4.4.7-17.el6.x86_64 18/25 Installing : python-virtualenv-1.10.1-1.el6.noarch 19/25 Installing : python-tools-2.6.6-64.el6.x86_64 20/25 Installing : python-pip-7.1.0-1.el6.noarch 21/25 Installing : augeas-libs-1.0.0-10.el6.x86_64 22/25 Installing : dialog-1.1-9.20080819.1.el6.x86_64 23/25 Installing : redhat-rpm-config-9.0.3-51.el6.centos.noarch 24/25 Installing : libffi-devel-3.0.5-3.2.el6.x86_64 25/25 Verifying : libffi-devel-3.0.5-3.2.el6.x86_64 1/25 Verifying : 1:tcl-8.5.7-6.el6.x86_64 2/25 Verifying : openssl-devel-1.0.1e-48.el6_8.1.x86_64 3/25 Verifying : 1:tix-8.4.3-5.el6.x86_64 4/25 Verifying : cpp-4.4.7-17.el6.x86_64 5/25 Verifying : python-pip-7.1.0-1.el6.noarch 6/25 Verifying : keyutils-libs-devel-1.4-5.el6.x86_64 7/25 Verifying : libcom_err-devel-1.41.12-22.el6.x86_64 8/25 Verifying : mpfr-2.4.1-6.el6.x86_64 9/25 Verifying : redhat-rpm-config-9.0.3-51.el6.centos.noarch 10/25 Verifying : dialog-1.1-9.20080819.1.el6.x86_64 11/25 Verifying : zlib-devel-1.2.3-29.el6.x86_64 12/25 Verifying : krb5-devel-1.10.3-57.el6.x86_64 13/25 Verifying : cloog-ppl-0.15.7-1.2.el6.x86_64 14/25 Verifying : python-tools-2.6.6-64.el6.x86_64 15/25 Verifying : augeas-libs-1.0.0-10.el6.x86_64 16/25 Verifying : python-setuptools-0.6.10-3.el6.noarch 17/25 Verifying : ppl-0.10.2-11.el6.x86_64 18/25 Verifying : python-devel-2.6.6-64.el6.x86_64 19/25 Verifying : libsepol-devel-2.0.41-4.el6.x86_64 20/25 Verifying : python-virtualenv-1.10.1-1.el6.noarch 21/25 Verifying : gcc-4.4.7-17.el6.x86_64 22/25 Verifying : libselinux-devel-2.0.94-7.el6.x86_64 23/25 Verifying : 1:tk-8.5.7-5.el6.x86_64 24/25 Verifying : tkinter-2.6.6-64.el6.x86_64 25/25 Installed: augeas-libs.x86_64 0:1.0.0-10.el6 dialog.x86_64 0:1.1-9.20080819.1.el6 gcc.x86_64 0:4.4.7-17.el6 libffi-devel.x86_64 0:3.0.5-3.2.el6 openssl-devel.x86_64 0:1.0.1e-48.el6_8.1 python-devel.x86_64 0:2.6.6-64.el6 python-pip.noarch 0:7.1.0-1.el6 python-tools.x86_64 0:2.6.6-64.el6 python-virtualenv.noarch 0:1.10.1-1.el6 redhat-rpm-config.noarch 0:9.0.3-51.el6.centos Dependency Installed: cloog-ppl.x86_64 0:0.15.7-1.2.el6 cpp.x86_64 0:4.4.7-17.el6 keyutils-libs-devel.x86_64 0:1.4-5.el6 krb5-devel.x86_64 0:1.10.3-57.el6 libcom_err-devel.x86_64 0:1.41.12-22.el6 libselinux-devel.x86_64 0:2.0.94-7.el6 libsepol-devel.x86_64 0:2.0.41-4.el6 mpfr.x86_64 0:2.4.1-6.el6 ppl.x86_64 0:0.10.2-11.el6 python-setuptools.noarch 0:0.6.10-3.el6 tcl.x86_64 1:8.5.7-6.el6 tix.x86_64 1:8.4.3-5.el6 tk.x86_64 1:8.5.7-5.el6 tkinter.x86_64 0:2.6.6-64.el6 zlib-devel.x86_64 0:1.2.3-29.el6 Complete! Creating virtual environment... Installing Python packages... Installation succeeded. /root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6 DeprecationWarning Version: 1.1-20080819 Version: 1.1-20080819 /root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py:496: DeprecationWarning: BaseException.message has been deprecated as of Python 2.6 return e.message No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually Regards Jens Edited July 25, 2016 by j.schulz Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted July 25, 2016 ESET Staff Share Posted July 25, 2016 Based on output: No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually it seems procedure you used is not supported on CentOS 6 which was used as base operating system for ERA Virtual Appliance until ERA 6.4 release which introduced new appliance based on CentOS 7. We have no experience with letsencrypt, but I would suggest to test whether it works on new ERA 6.4 appliance (newly deployed). Once you are sure it works, try to migrate your currently deployed appliance to new one. In case migrating to new appliance is not possible, there seems to be way how to manually install letsencrypt certificate, but you will have to consult exact steps with certificate provider. Link to comment Share on other sites More sharing options...
Recommended Posts