在 Red Hat Enterprise Linux 8 中手动安装 Certbot

tag-icon tag-icon ssl https certbot rhel8
在 Red Hat Enterprise Linux 8 中手动安装 Certbot

我现在使用的是 Red Hat Enterprise Linux 8,EPEL 版本 8 尚未发布。因此我选择手动安装并按照以下步骤操作:

https://certbot.eff.org/lets-encrypt/pip-nginx

我总是收到这个错误

sudo /usr/local/bin/certbot-auto certonly --nginx --verbose --debug
[sudo] password for haidarvm: 
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
dnf is /bin/dnf
dnf is hashed (/bin/dnf)
Updating Subscription Management repositories.
Last metadata expiration check: 2:06:59 ago on Jum 12 Jul 2019 06:04:00  +08.
Package gcc-8.2.1-3.5.el8.x86_64 is already installed.
Package augeas-libs-1.10.1-8.el8.x86_64 is already installed.
Package openssl-1:1.1.1-8.el8.x86_64 is already installed.
Package openssl-devel-1:1.1.1-8.el8.x86_64 is already installed.
Package libffi-devel-3.1-18.el8.x86_64 is already installed.
Package redhat-rpm-config-116-1.el8.noarch is already installed.
Package ca-certificates-2018.2.24-6.el8.noarch is already installed.
Package python2-libs-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64 is already installed.
Package python2-setuptools-39.0.1-11.module+el8.0.0+2961+596d0223.noarch is already installed.
Package python2-devel-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64 is already installed.
Package python2-virtualenv-15.1.0-18.module+el8.0.0+2961+596d0223.noarch is already installed.
Package python2-tools-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64 is already installed.
Package python2-pip-9.0.3-13.module+el8.0.0+2961+596d0223.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
Creating virtual environment...
Traceback (most recent call last):
  File "<stdin>", line 27, in <module>
  File "<stdin>", line 19, in create_venv
  File "/usr/lib64/python2.7/subprocess.py", line 185, in check_call
    retcode = call(*popenargs, **kwargs)
  File "/usr/lib64/python2.7/subprocess.py", line 172, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib64/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

我的系统详细信息是:

Static hostname: xxx.xxx.xxx
         Icon name: computer-vm
           Chassis: vm
    Virtualization: kvm
  Operating System: Red Hat Enterprise Linux 8.0 (Ootpa)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:8.0:GA
            Kernel: Linux 4.18.0-80.4.2.el8_0.x86_64
      Architecture: x86-64

有谁尝试过 CertbotRHEL 8

答案1

Certbot 现在完全支持 RHEL/CentOS 8。只需运行

wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto

为了阿帕奇

./certbot-auto --apache

为了nginx

./certbot-auto --nginx

它安装在我的 CentOS 8 最小安装上:

Package openssl-1:1.1.1-8.el8.x86_64 is already installed.
Package ca-certificates-2018.2.24-6.el8.noarch is already installed.
Dependencies resolved.
=========================================================================================================
 Package                     Arch        Version                                    Repository      Size
=========================================================================================================
Installing:
 gcc                         x86_64      8.2.1-3.5.el8                              AppStream       23 M
 python3-virtualenv          noarch      15.1.0-18.module_el8.0.0+33+0a10c0e1       AppStream      1.7 M
 python36                    x86_64      3.6.8-2.module_el8.0.0+33+0a10c0e1         AppStream       19 k
 python36-devel              x86_64      3.6.8-2.module_el8.0.0+33+0a10c0e1         AppStream       16 k
 redhat-rpm-config           noarch      116-1.el8.0.1                              AppStream       82 k
 augeas-libs                 x86_64      1.10.1-8.el8                               BaseOS         392 k
 libffi-devel                x86_64      3.1-18.el8                                 BaseOS          28 k
 openssl-devel               x86_64      1:1.1.1-8.el8                              BaseOS         2.3 M

以及更多依赖包,包括上面提到的 python3-virtualenv。请关注 certbot 文档以获取更多帮助。

答案2

我正在寻求 certbot 成员 Brad Warren 的帮助: https://github.com/certbot/certbot/issues/7241

他仅通过安装一个简单的命令就帮助了我:

$ sudo dnf install python3-virtualenv

一切运行顺利,结果如下:

sudo /usr/local/bin/certbot-auto --nginx --verbose --debug

Nothing to do.
Complete!
Creating virtual environment...
Running virtualenv with interpreter /bin/python2.7
New python executable in /opt/eff.org/certbot/venv/bin/python2.7
Also creating executable in /opt/eff.org/certbot/venv/bin/python
Installing setuptools, pip, wheel...done.
Installing Python packages...

Collecting ConfigArgParse==0.14.0 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 7))
  Downloading https://files.pythonhosted.org/packages/55/ea/f0ade52790bcd687127a302b26c1663bf2e0f23210d5281dbfcd1dfcda28/ConfigArgParse-0.14.0.tar.gz
Collecting asn1crypto==0.24.0 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 9))
  Downloading https://files.pythonhosted.org/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl (101kB)
    100% |████████████████████████████████| 102kB 30.5MB/s 
Collecting certifi==2019.3.9 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 12))
  Downloading https://files.pythonhosted.org/packages/60/75/f692a584e85b7eaba0e03827b3d51f45f571c2e793dd731e598828d380aa/certifi-2019.3.9-py2.py3-none-any.whl (158kB)
    100% |████████████████████████████████| 163kB 68.6MB/s 
Collecting cffi==1.12.2 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 15))
  Downloading https://files.pythonhosted.org/packages/9d/6f/aea9f5559fb593da07ff34e67513bd62483b45715b4a5f5fae6a0a5792ea/cffi-1.12.2-cp27-cp27mu-manylinux1_x86_64.whl (413kB)
    100% |████████████████████████████████| 419kB 19.6MB/s 
Collecting chardet==3.0.4 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 44))
  Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB)
    100% |████████████████████████████████| 143kB 51.9MB/s 
Collecting configobj==5.0.6 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 47))
  Downloading https://files.pythonhosted.org/packages/64/61/079eb60459c44929e684fa7d9e2fdca403f67d64dd9dbac27296be2e0fab/configobj-5.0.6.tar.gz
Collecting cryptography==2.6.1 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 49))
  Downloading https://files.pythonhosted.org/packages/c3/c1/cf8665c955c9393e9ff0872ba6cd3dc6f46ef915e94afcf6e0410508ca69/cryptography-2.6.1-cp27-cp27mu-manylinux1_x86_64.whl (2.3MB)
    100% |████████████████████████████████| 2.3MB 46.4MB/s 
Collecting enum34==1.1.6 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 71))
  Downloading https://files.pythonhosted.org/packages/c5/db/e56e6b4bbac7c4a06de1c50de6fe1ef3810018ae11732a50f15f62c7d050/enum34-1.1.6-py2-none-any.whl
Collecting funcsigs==1.0.2 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 76))
  Downloading https://files.pythonhosted.org/packages/69/cb/f5be453359271714c01b9bd06126eaf2e368f1fddfff30818754b5ac2328/funcsigs-1.0.2-py2.py3-none-any.whl
Collecting future==0.17.1 (from -r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 79))
  Downloading https://files.pythonhosted.org/packages/90/52/e20466b85000a181e1e144fd8305caf2cf475e2f9674e797b222f8105f5f/future-0.17.1.tar.gz (829kB)
    100% |████████████████████████████████| 829kB 70.0MB/s 
....
Requirement already satisfied: setuptools>=1.0 in /opt/eff.org/certbot/venv/lib/python2.7/site-packages (from josepy==1.1.0->-r /tmp/tmp.B6Gcl1HiRV/letsencrypt-auto-requirements.txt (line 87))
Installing collected packages: ConfigArgParse, asn1crypto, certifi, pycparser, cffi, chardet, six, configobj, enum34, ipaddress, cryptography, funcsigs, future, idna, pyOpenSSL, josepy, pbr, mock, parsedatetime, pytz, pyRFC3339, pyparsing, python-augeas, urllib3, requests, requests-toolbelt, zope.interface, zope.proxy, zope.deferredimport, zope.deprecation, zope.hookable, zope.event, zope.component, acme, certbot, letsencrypt, certbot-apache, certbot-nginx
  Running setup.py install for ConfigArgParse ... done
  Running setup.py install for pycparser ... done
  Running setup.py install for configobj ... done
  Running setup.py install for future ... done
  Running setup.py install for python-augeas ... done
  Running setup.py install for zope.proxy ... done
  Running setup.py install for zope.hookable ... done
Successfully installed ConfigArgParse-0.14.0 acme-0.36.0 asn1crypto-0.24.0 certbot-0.36.0 certbot-apache-0.36.0 certbot-nginx-0.36.0 certifi-2019.3.9 cffi-1.12.2 chardet-3.0.4 configobj-5.0.6 cryptography-2.6.1 enum34-1.1.6 funcsigs-1.0.2 future-0.17.1 idna-2.8 ipaddress-1.0.22 josepy-1.1.0 letsencrypt-0.7.0 mock-1.3.0 parsedatetime-2.4 pbr-5.1.3 pyOpenSSL-19.0.0 pyRFC3339-1.1 pycparser-2.19 pyparsing-2.3.1 python-augeas-0.5.0 pytz-2018.9 requests-2.21.0 requests-toolbelt-0.9.1 six-1.12.0 urllib3-1.24.2 zope.component-4.5 zope.deferredimport-4.3 zope.deprecation-4.4.0 zope.event-4.4 zope.hookable-4.2.0 zope.interface-4.6.0 zope.proxy-4.3.1
Installation succeeded.
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator nginx and installer nginx
Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f22224214d0>
Prep: True
Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f22224214d0>
Prep: True
...
Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/haidar.online/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/haidar.online/privkey.pem
Your cert will expire on 2019-10-11. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew"
Reporting to user: If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le



IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/haidar.online/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/haidar.online/privkey.pem
   Your cert will expire on 2019-10-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

它在我的服务器上完美运行。非常感谢,我真的很感激

顺便说一句,我正在运行它,仍然使用 certbot 版本 0.36.0

相关内容