我正在尝试编写一个脚本,它将通过最新的 CentOS6.x 上的 cronjob 自动更新 letsencrypt 证书。
为此我编写了以下脚本:
#!/bin/sh
#
# get newest "Let's Encrypt" version
#
cd /opt/letsencrypt
git pull
# bug fix #201600233: update pip
echo "****************************************************************"
echo pip --version
pip --version
echo "****************************************************************"
pip install --upgrade pip
#
# update certs
#
# stop httpd
/etc/init.d/httpd stop
# renew certs
/opt/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1
LE_STATUS=$?
# start httpd
/etc/init.d/httpd start
# check "Let's Encrypt" result
if [ "$LE_STATUS" != 0 ]; then
echo Automated renewal failed:
cat /var/log/letsencrypt/renew.log
exit 1
fi
每次我从命令行执行此脚本时,一切都很好。脚本运行时没有任何错误。但每次我通过 cronjob 启动脚本时,都会收到错误
You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
不确定为什么会发生这些情况...是否缺少任何环境变量?
这是 cronjob 的所有输出。还请注意,cronjob 输出显示 pip 版本为“8.1.2”。
Already up-to-date.
****************************************************************
pip --version
pip 8.1.2 from /usr/lib/python2.6/site-packages (python 2.6)
****************************************************************
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Requirement already up-to-date: pip in /usr/lib/python2.6/site-packages
httpd beenden: [ OK ]^M
httpd starten: [ OK ]^M
Automated renewal failed:
Bootstrapping dependencies for RedHat-based OSes...
yum ist /usr/bin/yum
Geladene Plugins: fastestmirror, refresh-packagekit, security, verify
Einrichten des Installationsprozess
Loading mirror speeds from cached hostfile
* base: centosmirror.netcup.net
* epel: mirrors.n-ix.net
* extras: centosmirror.netcup.net
* updates: mirror.ratiokontakt.de
* webtatic: uk.repo.webtatic.com
Paket gcc-4.4.7-17.el6.x86_64 ist bereits in der neusten Version installiert.
Paket dialog-1.1-9.20080819.1.el6.x86_64 ist bereits in der neusten Version installiert.
Paket augeas-libs-1.0.0-10.el6.x86_64 ist bereits in der neusten Version installiert.
Paket openssl-1.0.1e-48.el6_8.1.x86_64 ist bereits in der neusten Version installiert.
Paket openssl-devel-1.0.1e-48.el6_8.1.x86_64 ist bereits in der neusten Version installiert.
Paket libffi-devel-3.0.5-3.2.el6.x86_64 ist bereits in der neusten Version installiert.
Paket redhat-rpm-config-9.0.3-51.el6.centos.noarch ist bereits in der neusten Version installiert.
Paket ca-certificates-2015.2.6-65.0.1.el6_7.noarch ist bereits in der neusten Version installiert.
Paket python-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-devel-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-virtualenv-1.10.1-1.el6.noarch ist bereits in der neusten Version installiert.
Paket python-tools-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-pip-7.1.0-1.el6.noarch ist bereits in der neusten Version installiert.
Paket 1:mod_ssl-2.2.15-53.el6.centos.x86_64 ist bereits in der neusten Version installiert.
Nichts zu tun
Creating virtual environment...
Installing Python packages...
Had a problem while installing Python packages:
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Requirement already satisfied (use --upgrade to upgrade): argparse==1.4.0 in /.local/share/letsencrypt/lib/python2.6/site-packages (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 5))
Collecting pycparser==2.14 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 11))
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
SNIMissingWarning
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Downloading pycparser-2.14.tar.gz (223kB)
Collecting cffi==1.4.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 14))
Downloading cffi-1.4.2.tar.gz (365kB)
Collecting ConfigArgParse==0.10.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 31))
Downloading ConfigArgParse-0.10.0.tar.gz
Collecting configobj==5.0.6 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 33))
Downloading configobj-5.0.6.tar.gz
Collecting cryptography==1.2.3 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
Downloading cryptography-1.2.3.tar.gz (373kB)
Collecting enum34==1.1.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 57))
Downloading enum34-1.1.2.tar.gz (46kB)
Collecting funcsigs==0.4 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 60))
Downloading funcsigs-0.4-py2.py3-none-any.whl
Collecting idna==2.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 63))
Downloading idna-2.0-py2.py3-none-any.whl (61kB)
Collecting ipaddress==1.0.16 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 66))
Downloading ipaddress-1.0.16.tar.gz
Collecting linecache2==1.0.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 69))
Downloading linecache2-1.0.0-py2.py3-none-any.whl
Collecting ndg-httpsclient==0.4.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 72))
Downloading ndg_httpsclient-0.4.0.tar.gz
Collecting ordereddict==1.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 74))
Downloading ordereddict-1.1.tar.gz
Collecting parsedatetime==2.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 76))
Downloading parsedatetime-2.1-py2-none-any.whl
Collecting pbr==1.8.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 79))
Downloading pbr-1.8.1-py2.py3-none-any.whl (89kB)
Collecting psutil==3.3.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 82))
Downloading psutil-3.3.0.tar.gz (261kB)
Collecting pyasn1==0.1.9 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 104))
Downloading pyasn1-0.1.9-py2.py3-none-any.whl
Collecting pyOpenSSL==0.15.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 116))
Downloading pyOpenSSL-0.15.1-py2.py3-none-any.whl (102kB)
Collecting pyRFC3339==1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 119))
Downloading pyRFC3339-1.0-py2.py3-none-any.whl
Collecting python-augeas==0.5.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 122))
Downloading python-augeas-0.5.0.tar.gz (90kB)
Collecting python2-pythondialog==3.3.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 124))
Downloading python2-pythondialog-3.3.0.tar.bz2 (1.8MB)
Collecting pytz==2015.7 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 127))
Downloading pytz-2015.7-py2.py3-none-any.whl (476kB)
Collecting requests==2.9.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 141))
Downloading requests-2.9.1-py2.py3-none-any.whl (501kB)
Collecting six==1.10.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 144))
Downloading six-1.10.0-py2.py3-none-any.whl
Collecting traceback2==1.4.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 147))
Downloading traceback2-1.4.0-py2.py3-none-any.whl
Collecting unittest2==1.1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 150))
Downloading unittest2-1.1.0-py2.py3-none-any.whl (96kB)
Collecting zope.component==4.2.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 153))
Downloading zope.component-4.2.2.tar.gz (546kB)
Collecting zope.event==4.1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 155))
Downloading zope.event-4.1.0.tar.gz (476kB)
Collecting zope.interface==4.1.3 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 157))
Downloading zope.interface-4.1.3.tar.gz (141kB)
Collecting mock==1.0.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 175))
Downloading mock-1.0.1.zip (861kB)
Collecting letsencrypt==0.7.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 178))
Downloading letsencrypt-0.7.0-py2-none-any.whl
Collecting acme==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 184))
Downloading acme-0.8.0-py2.py3-none-any.whl (91kB)
Collecting certbot==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 187))
Downloading certbot-0.8.0-py2-none-any.whl (215kB)
Collecting certbot-apache==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 190))
Downloading certbot_apache-0.8.0-py2-none-any.whl (103kB)
Collecting setuptools>=1.0 (from cryptography==1.2.3->-r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
setuptools>=1.0 from https://pypi.python.org/packages/a6/2b/803bd512ae9a69164ccfc29d289c99fa1b50cdfeb57aa3ab2239094e4751/setuptools-22.0.2-py2.py3-none-any.whl#md5=51dcd17dd15db58ee090565e99b0e94d (from cryptography==1.2.3->-r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
答案1
首先:感谢“Jeremy Dover”。你的评论对我非常有帮助!:-)
在我将HOME环境变量设置为后/root,它就可以正常工作了。似乎 letsencrypt 会从任何地方进行 pip 安装/root/.local/share/letsencrypt/(因为我已以 root 用户身份安装了 letsencrypt),并且当 HOME 变量设置不正确时,letsencrypt 无法找到它...