How To Upgrade Certbot, Python and PIP on AWS Linux 1

Author: erics, May 6th, 2020

I ran letsencrypt-auto renew and got the following error:

root@prod06b:/etc/httpd/conf.d # /root/letsencrypt/letsencrypt-auto renew
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt: 
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

root@prod06b:/etc/httpd/conf.d # /root/letsencrypt/letsencrypt-auto renew

Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:

Traceback (most recent call last):

File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>

from certbot.main import main

File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in <module>

from certbot._internal import main as internal_main

File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in <module>

import josepy as jose

File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>

from josepy.interfaces import JSONDeSerializable

File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>

from josepy import errors, util

File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>

import OpenSSL

File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>

from OpenSSL import crypto, SSL

File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>

from cryptography import x509

ImportError: No module named cryptography

The solution in this article gave me the answer:

sudo rm -rf /opt/eff.org/*
sudo pip install -U certbot
sudo certbot renew --debug

1

2

3

sudo rm -rf /opt/eff.org/*

sudo pip install -U certbot

sudo certbot renew --debug

Turns out Python was old at version 2.7, so did the following also:

sudo yum -y install python36
sudo alternatives --config python
sudo pip install --upgrade pip

1

2

3

sudo yum -y install python36

sudo alternatives --config python

sudo pip install --upgrade pip

Also had to change the cron job script to call certbot directly instead of letsencrypt-auto : vi /root/letsencrypt-cron.sh

#!/bin/sh
#
# letsencrypt-cron.sh
#
#OLD: if ! /root/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
#NEW:
if ! /usr/bin/certbot renew > /var/log/letsencrypt/renew.log 2>&1 ; then
    echo Automated renewal failed: 
    cat /var/log/letsencrypt/renew.log
    exit 1  
fi
apachectl graceful

1

2

3

4

5

6

7

8

9

10

11

12

#!/bin/sh

#

# letsencrypt-cron.sh

#

#OLD: if ! /root/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then

#NEW:

if ! /usr/bin/certbot renew > /var/log/letsencrypt/renew.log 2>&1 ; then

echo Automated renewal failed:

cat /var/log/letsencrypt/renew.log

exit 1

fi

apachectl graceful

Categories: How-To's, Technology Tags: AWS, AWS Linux, cert, Certbot, howto, Install, Linux, pip, Python, Renew, ssl, tips, upgrade, Yum | No comments

How To Upgrade MySQL from 5.5 to 5.7 on CentOS/AWS Linux

Author: erics, December 7th, 2017

START: Server version: 5.5.54-log MySQL Community Server (GPL) FINISH: Server version: 5.7.20-log MySQL Community Server (GPL)

mysql --execute="SET GLOBAL innodb_fast_shutdown=0;"
service mysqld stop
yum remove mysql mysql-*
yum install mysql57-devel mysql57-server mysql57-test
service mysqld start
mysql_upgrade

1

2

3

4

5

6

mysql --execute="SET GLOBAL innodb_fast_shutdown=0;"

service mysqld stop

yum remove mysql mysql-*

yum install mysql57-devel mysql57-server mysql57-test

service mysqld start

mysql_upgrade

Categories: How-To's, Technology Tags: 5.5, 5.7, AWS, AWS Linux, CentOS, howto, mysql, MySQL 5.5, MySQL 5.7, tips, upgrade | No comments

How To Patch the ShellShock bash Bug on Older or Beta AWS Linux AMI’s

Author: erics, October 1st, 2014

This is the standard upgrade method for AWS Linux AMI’s:

yum clean all
yum update bash

1 2	yum clean all yum update bash

Or use this for the version 2012.09, 2012.03, or 2011.09 repositories:

yum clean all
yum --releasever=2013.03 update bash

1 2	yum clean all yum --releasever=2013.03 update bash

For older AWS Linux AMI’s, you may not be able to use the standard upgrade method as described in this link: https://alas.aws.amazon.com/ALAS-2014-419.html These are the steps needed to manually patch bash 4.1: […]

Categories: How-To's, Technology Tags: AMI, AWS, AWS Linux, bash, Beta, bug, Linux, patch, ShellShock | 1 comment

How to Install Apache mod_evasive on AWS Linux/CentOS

Author: erics, July 26th, 2014

I was getting tired of using iptables to block the various hackers and bots constantly slamming my servers (the Chinese are the worst offenders by far – curse them!). I found the Apache module mod_evasive and installed it. Here are links to various articles about mod_evasive: http://www.zdziarski.com/blog/?page_id=442 https://coderwall.com/p/eouy3g http://www.crucialp.com/resources/tutorials/server-administration/flood-protection-dos-ddos-protection-apache-1.3-2.0-mod_dosevasive-avoiding-denial-of-service-attacks.php Add the Module to Apache I […]

Categories: How-To's, Technology Tags: apache, Attack, AWS, AWS Linux, CentOS, DDOS, Defend, dos, evasive, http, mod_evasive, Web | No comments

How to Patch CGI::Application::Plugin::ConfigAuto to Run Perl in Taint Mode

Author: erics, April 13th, 2012

I had to patch the distribution by adding the following variable into the code: $Config::Auto::Untaint = 1; Here is the fix on AWS Linux: vim /usr/local/share/perl5/CGI/Application/Plugin/ConfigAuto.pm 141 sub cfg { 142 my $self = shift; 143 144 if (!$self->{__CFG}) { 145 require Config::Auto; 146 $Config::Auto::Untaint = 1; (ADD THIS NEW LINE HERE)

Categories: How-To's, Technology Tags: AWS, AWS Linux, CGI::Application::Plugin::ConfigAuto, Config::Auto, howto, Linux, perl, Taint, Taint Mode, tips | No comments

How To Upgrade Certbot, Python and PIP on AWS Linux 1

How To Upgrade MySQL from 5.5 to 5.7 on CentOS/AWS Linux

How To Patch the ShellShock bash Bug on Older or Beta AWS Linux AMI’s

How to Install Apache mod_evasive on AWS Linux/CentOS

How to Patch CGI::Application::Plugin::ConfigAuto to Run Perl in Taint Mode

Our Link Network

Business

Client Websites

Fine Dining

Friends & Family

Galleries

Health

Resources

Technology

Travel

The Archives

Various Topics of No Interest

Latest Ramblings…