CentOS 6 is getting updates through November 30, 2020, but it’s getting more and more difficult to find newer packages for the operating system. If you want to use Certbot for obtaining and renewing Let’s Encrypt TLS certificates, you can use certbot-auto and let it handle the work for you, but I wanted to try only the PyPi package via pip.
Note: I’m using Docker to test these commands via: docker run --rm -it centos:6 bash
# No Python wheels available, so we need gcc and some devel packages
$ yum install gcc libffi-devel openssl-devel python-devel python-pip
# Let's try and install certbot
$ pip install --upgrade certbot
...snip...
Successfully installed ConfigArgParse-0.12.0 PyOpenSSL-17.3.0 acme-0.18.2 certbot-0.18.2 cffi-1.11.0 configobj-5.0.6 cryptography-2.0.3 funcsigs-1.0.2 mock-2.0.0 pbr-3.1.1 pyrfc3339-1.0 requests-2.18.4 zope.component-4.4.0 zope.event-4.3.0
Seemed to work, right? Nope 😠:
$ certbot --help
Traceback (most recent call last):
File "/usr/bin/certbot", line 7, in <module>
from certbot.main import main
File "/usr/lib/python2.6/site-packages/certbot/main.py", line 7, in <module>
import zope.component
File "/usr/lib/python2.6/site-packages/zope/component/__init__.py", line 28, in <module>
from zope.component.globalregistry import getGlobalSiteManager
File "/usr/lib/python2.6/site-packages/zope/component/globalregistry.py", line 18, in <module>
from zope.interface.registry import Components
File "/usr/lib64/python2.6/site-packages/zope/interface/registry.py", line 167
filtered_state = {k: v for k, v in reduction[2].items()
^
SyntaxError: invalid syntax
Of course this doesn’t work, it’s Python 2.6!
Software Collections, to the rescue! Let’s use the Python 2.7 SCL and try again:
# Install the SCL Yum repo files
$ yum install centos-release-scl
# Grab Python 2.7, pip, and related depedencies
$ yum install python27-python-pip
# Install into the SCL root with pip. Wheels are available, so no compiler or devel packages necessary!
$ scl enable python27 'pip install certbot'
...snip...
Successfully installed ConfigArgParse-0.12.0 PyOpenSSL-17.3.0 acme-0.18.2 asn1crypto-0.22.0 certbot-0.18.2 certifi-2017.7.27.1 cffi-1.11.0 chardet-3.0.4 configobj-5.0.6 cryptography-2.0.3 enum34-1.1.6 funcsigs-1.0.2 future-0.16.0 idna-2.6 ipaddress-1.0.18 mock-2.0.0 parsedatetime-2.4 pbr-3.1.1 pycparser-2.18 pyrfc3339-1.0 pytz-2017.2 requests-2.18.4 setuptools-36.5.0 six-1.11.0 urllib3-1.22 zope.component-4.4.0 zope.event-4.3.0 zope.interface-4.4.2
Success! Right?
$ certbot --help
bash: certbot: command not found
Hrm, what happened?
$ find /opt/rh/python27/ -name certbot -executable
/opt/rh/python27/root/usr/bin/certbot
/opt/rh/python27/root/usr/lib/python2.7/site-packages/certbot
Right, it’s in the SCL. You have some options. You could enable the SCL in userspace through commands like source scl_source enable python27 or scl enable python27 bash. Or, because I want to use certbot interactively and in crons without thinking about the SCL, we can use a “shim”:
$ cat > /usr/local/bin/certbot <<'EOF'
#!/bin/bash
source scl_source enable python27
certbot "$@"
EOF
$ chmod -c 755 /usr/local/bin/certbot
Assuming /usr/local/bin/ is in your $PATH, we can test this:
$ certbot register --agree-tos -m 'le@example.com' -n
Saving debug log to /var/log/letsencrypt/letsencrypt.log
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
$ find /etc/letsencrypt \! -type d
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/a1b2c3d4e5f6a7b8a1b2c3d4e5f6a7b8/meta.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/a1bx2c3d4e5f6a7b8a1b2c3d4e5f6a7b8/regr.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/a1b2c3d4e5f6a7b8a1b2c3d4e5f6a7b8/private_key.json
Now you have certbot on CentOS 6 from PyPi and without certbot-auto (Nothing wrong with certbot-auto, I just prefer to have more control over the installation process). Let me know how it goes for you!