При установке и запуске Let’s Ecnrypt клиента — вылезла ошибка Python:
root@jm-monitoring-production-vm:~# letsencrypt certonly --config-dir /data/letsencrypt/ --noninteractive --webroot --webroot-path /var/www/html/ --email email@domain.tld --agree-tos --domains monitor.domain.tld Traceback (most recent call last): File "/usr/bin/letsencrypt", line 9, in <module> load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')() File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 542, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2569, in load_entry_point return ep.load() File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2229, in load return self.resolve() File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2235, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 21, in <module> import OpenSSL File "/usr/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import rand, crypto, SSL File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 118, in <module> SSL_ST_INIT = _lib.SSL_ST_INIT AttributeError: 'module' object has no attribute 'SSL_ST_INIT'
ОК — пробуем обновить пакет pyOpenSSL
:
root@jm-monitoring-production-vm:~# pip install --upgrade pyOpenSSL
Traceback (most recent call last):
File "/usr/bin/pip", line 9, in <module>
from pip import main
File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 13, in <module>
from pip.exceptions import InstallationError, CommandError, PipError
File "/usr/lib/python2.7/dist-packages/pip/exceptions.py", line 6, in <module>
from pip._vendor.six import iteritems
File "/usr/lib/python2.7/dist-packages/pip/_vendor/__init__.py", line 64, in <module>
vendored("cachecontrol")
File "/usr/lib/python2.7/dist-packages/pip/_vendor/__init__.py", line 36, in vendored
__import__(modulename, globals(), locals(), level=0)
File "/usr/share/python-wheels/CacheControl-0.11.5-py2.py3-none-any.whl/cachecontrol/__init__.py", line 9, in <module>
File "/usr/share/python-wheels/CacheControl-0.11.5-py2.py3-none-any.whl/cachecontrol/wrapper.py", line 1, in <module>
File "/usr/share/python-wheels/CacheControl-0.11.5-py2.py3-none-any.whl/cachecontrol/adapter.py", line 3, in <module>
File "/usr/share/python-wheels/requests-2.9.1-py2.py3-none-any.whl/requests/__init__.py", line 53, in <module>
File "/usr/share/python-wheels/urllib3-1.13.1-py2.py3-none-any.whl/urllib3/contrib/pyopenssl.py", line 54, in <module>
File "/usr/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 118, in <module>
SSL_ST_INIT = _lib.SSL_ST_INIT
AttributeError: 'module' object has no attribute 'SSL_ST_INIT'
Эм… ОК — попробуем обновить сам pip
:
root@jm-monitoring-production-vm:~# pip install --upgrade pip
Traceback (most recent call last):
File "/usr/bin/pip", line 9, in <module>
from pip import main
...
File "/usr/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 118, in <module>
SSL_ST_INIT = _lib.SSL_ST_INIT
AttributeError: 'module' object has no attribute 'SSL_ST_INIT'
Da fuck? И ты, pip
?
Решение — обновить через setup_tools
:
root@jm-monitoring-production-vm:~# python -m easy_install --upgrade pyOpenSSL
Searching for pyOpenSSL
Reading https://pypi.python.org/simple/pyOpenSSL/
Best match: pyOpenSSL 17.5.0
Downloading https://pypi.python.org/packages/3b/15/a5d90ab1a41075e8f0fae334f13452549528f82142b3b9d0c9d86ab7178c/pyOpenSSL-17.5.0.tar.gz#md5=d9c5134db8bf3183573b7840954cac94
Processing pyOpenSSL-17.5.0.tar.gz
Writing /tmp/easy_install-YrhTMG/pyOpenSSL-17.5.0/setup.cfg
Running pyOpenSSL-17.5.0/setup.py -q bdist_egg --dist-dir /tmp/easy_install-YrhTMG/pyOpenSSL-17.5.0/egg-dist-tmp-EoN7Gk
...
Moving pyOpenSSL-17.5.0-py2.7.egg to /usr/local/lib/python2.7/dist-packages
Adding pyOpenSSL 17.5.0 to easy-install.pth file
Installed /usr/local/lib/python2.7/dist-packages/pyOpenSSL-17.5.0-py2.7.egg
Processing dependencies for pyOpenSSL
Finished processing dependencies for pyOpenSSL
Проверяем:
root@jm-monitoring-production-vm:~# !139
letsencrypt certonly --config-dir /data/letsencrypt/ --noninteractive --webroot --webroot-path /var/www/html/ --email email@domain.tld --agree-tos --domains monitor.domain.tld
Failed authorization procedure. monitor.domain.tld (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://monitor.domain.tld/.well-known/acme-challenge/B-E-qEty-f82E5RKvN0_JQMkqfw4mCyfCywGLzOLPYg: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>
...
ОК — работает.
Ну — почти 🙂 С 403 раберёмся потом, это уже ограничение доступа на NGINX.
Готово.