Amazon LinuxでLet’s Encryptの更新作業に手間取った話

みなさんこんにちは! このブログはLet’s Encryptを使ってSSL化されているのですが、その更新に3時間くらい使ってしまったので、同じ人のために書き残しておきます。

ちなみにAmazon Linuxで、Amazon Lightsailを使って、nginx+php-fpmで運用されています。

最初のエラーメッセージ

最初に出てきたのが./certbot-auto: line 681: virtualenv: command not foundというエラーメッセージ。pip install virtualenvしても何をしてもダメでした。

# certbot-auto renew --debug
Bootstrapping dependencies for Amazon... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
Loaded plugins: priorities, update-motd, upgrade-helper
9 packages excluded due to repository priority protections
Package gcc-4.8.3-3.20.amzn1.noarch already installed and latest version
Package augeas-libs-1.0.0-5.7.amzn1.x86_64 already installed and latest version
Package 1:openssl-1.0.1k-15.99.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.1k-15.99.amzn1.x86_64 already installed and latest version
Package libffi-devel-3.0.13-16.5.amzn1.x86_64 already installed and latest version
Package system-rpm-config-9.0.3-42.28.amzn1.noarch already installed and latest version
Package ca-certificates-2015.2.6-65.0.1.16.amzn1.noarch already installed and latest version
Package python27-2.7.12-2.120.amzn1.x86_64 already installed and latest version
Package python27-devel-2.7.12-2.120.amzn1.x86_64 already installed and latest version
Package python27-virtualenv-12.0.7-1.13.amzn1.noarch already installed and latest version
Package python27-tools-2.7.12-2.120.amzn1.x86_64 already installed and latest version
Package python27-pip-6.1.1-1.23.amzn1.noarch already installed and latest version
Nothing to do
Creating virtual environment...
./certbot-auto: line 681: virtualenv: command not found

そんなときに見つけたのが以下のissue ./letsencrypt-auto: line 460: virtualenv: command not found #2889

yum remove python27-virtualenvしたあとにyum install python27-virtualenvしたら動いたよ!というメッセージを見つけ、まさかまさか・・・と思いつつ実行。

# yum remove python27-virtualenv
# yum -y install python27-virtualenv
# sudo ./certbot-auto renew --debug
...(省略)
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in 
    from certbot.main import main
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 7, in 
    import zope.component
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/zope/component/__init__.py", line 16, in 
    from zope.interface import Interface
ImportError: No module named interface

つまずくところは変わったけど結局エラー・・・

No module named interfaceエラー

うーん、と色々調べていくと以下の記事がヒット。 Amazon Linux 上の Let’s Encrypt で証明書更新エラーが出た時の対処方法

この記事と同じように、PYTHON_INSTALL_LAYOUTになんか設定されてんの?と思いつつ見ると設定されてる。よってそれをunset。

# env | grep PYTHON_INSTALL_LAYOUT
# unset PYTHON_INSTALL_LAYOUT

実行しようと思ったら以下のように出たので、環境変数をもう一度設定するために~/.local以下を削除。

# ./certbot-auto renew --debug
Error: couldn't get currently installed version for /root/.local/share/letsencrypt/bin/letsencrypt:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in 
    from certbot.main import main
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 7, in 
    import zope.component
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/zope/component/__init__.py", line 16, in 
    from zope.interface import Interface
ImportError: No module named interface
# rm -Rf ~/.local/

そしてもう1回実行。

# certbot-auto renew --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/tagamidaiki.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for tagamidaiki.com
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/tagamidaiki.com/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/tagamidaiki.com/fullchain.pem (success)

そうすると成功しましたとさ。 長い道のりだった・・・(´・ω・`)