Let's Encrypt no interface issue - lets-encrypt

I am on AWS EC2 Amazon Linux and trying to use Let's Encrypt. When I first installed Let's Encrypt a couple of months back I did not have any issues renewing the certificates. But now I receive this error and am not able to renew.
# ./certbot-auto --debug
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
from certbot.main import main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 7, in <module>
import zope.component
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/zope/component/__init__.py", line 16, in <module>
from zope.interface import Interface
ImportError: No module named interface
I have tried unset PYTHON_INSTALL_LAYOUT and upgrading pip and virtualenv. No luck.
It seems to be similar to this issue: Letsencrypt ImportError: No module named interface on amazon linux while renewing. But the directory is different. Not sure I want to rm the /opt/eff.org/certbot/venv/bin/letsencrypt

I was able to fix this problem with:
sudo rm -rf /root/.local/share/letsencrypt/
sudo rm -rf /opt/eff.org/certbot/
Then rerun certbot-auto in user mode (ec2-user).
./certbot-auto renew -v --debug

I hit exactly this issue just now with Amazon Linux. The fix that worked for me is detailed on the certbot GitHub issue
I had the same issue from what appears to be a bad install of certbot.
I fixed it by running the following:
unset PYTHON_INSTALL_LAYOUT
/root/.local/share/letsencrypt/bin/pip install --upgrade certbot
I did not have pip installed separately on the server, it was only available as part of the certbot install, so this was the only way I could use pip to upgrade the installation properly.

If you have pip installed on your EC2 instance as I do, you can simply do this:
rm -rf /opt/eff.org/*
pip install -U certbot
certbot renew --debug
Downloading certbot-auto via wget has always caused problems for me, so the above method is preferred.

Related

Issue using M2Crypto on lambda (works on EC2)

I am trying to install a python function using M2Crypto in AWS Lambda.
I spun up an EC2 instance with the Lambda AMI image, installed M2Crypto into a virtualenv, and was able to get my function working on EC2.
Then I zipped up the site-package and uploaded to Lambda. I got this error
Unable to import module 'epd_M2Crypto':
/var/task/M2Crypto/_m2crypto.cpython-36m-x86_64-linux-gnu.so: symbol
sk_deep_copy, version libcrypto.so.10 not defined in file
libcrypto.so.10 with link time reference
There are similar questions and hints here and here. I tried uploading the offending lib (libcrypto.so.10) in the zip file, but still get the same error. I am assuming the error means that the EC2 version of libcrypto.so.10 (used to install M2Crypto) is different than the version on Lambda (that I am trying to run with), so M2Crypto complains.
If I look at the versions of openssl they are different:
OpenSSL 1.0.0-fips 29 Mar 2010 (lambda version)
OpenSSL 1.0.2k-fips 26 Jan 2017 (ec2 version)
I don't think the answer is to downgrade openssl on ec2 as the 1.0.0 version is obsolete (AWS applies security patches but the version still shows as 1.0.0). (Also the yum doesn't have versions this old)
Here are the steps I used on the EC2 instance to get it working on EC2:
$ sudo yum -y update
$ sudo yum -y install python36
$ sudo yum -y install python-virtualenv
$ sudo yum -y groupinstall "Development Tools"
$ sudo yum -y install python36-devel.x86_64
$ sudo yum -y install openssl-devel.x86_64
$ mkdir ~/forlambda
$ cd ~/forlambda
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ cd ~
$ pip install M2Crypto -t ~/forlambda/venv/lib/python3.6/site-packages/
$ cd ~/forlambda/venv/lib/python3.6/site-packages/
$ (create python function that uses M2Crypto)
$ zip -r9 ~/forlambda/archive.zip .
Then added to the zip file
/usr/bin/openssl
/usr/lib64/libcrypto.so.10
/usr/lib64/libssl.so.10
And uploaded to Lambda, which is where I am now stuck.
Do I need to do something to get Lambda to use the version of libcrypto.so.10 that I have included in the uploaded zip?
My function:
"""
Wrapper for M2Crypto
https://github.com/mcepl/M2Crypto
https://pypi.org/project/M2Crypto/
"""
from __future__ import print_function
from M2Crypto import RSA
import base64
import json


def decrypt_string(string_b64):
    rsa = RSA.load_key('private_key.pem')
    string_encrypted = base64.b64decode(string_b64)
    bytes = rsa.private_decrypt(string_encrypted, 1)
    string_plaintext = bytes.decode("utf-8")
    response = {
        's': string_plaintext,
        'status': "OK",
        'statuscode': 200
    }
    return response


def lambda_handler(event, context):
    response = ""
    action = event['action']
    if action == "decrypt":
        string_b64 = event['s']
        response = decrypt_string(string_b64)
    return response
AWS support provided a resolution, upgrading to use Python 3.7 where the issue is resolved:
Our internal team has confirmed that the issue is with Lambda's Python
runtime. In a few rare cases, when the Lambda function is being
initialised, Lambda is unable to link against the correct OpenSSL
libraries - instead linking against Lambda's own in-built OpenSSL
binaries.
The team suggests trying this out in the Python3.7 environment where
this behaviour has been fixed. Also, python3.7 is compiled with the
newer openssl 1.0.2 and you should not have to include the binaries in
the Lambda package. ... still had to include the OpenSSL binaries in
the package and could not get it working with the default libraries.
First I ran this command on the EC2 instance to make sure I had included the correct .so file in my .zip:
$ ldd -v _m2crypto.cpython-36m-x86_64-linux-gnu.so
The output of the ldd command (edited for brevity):
libssl.so.10 => /lib64/libssl.so.10 (0x00007fd5f1892000)
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007fd5f1433000)
Based on the output above, I included /lib64/libcrypto.so.10 in my .zip.
Also (at the suggestion of AWS Support), on the Lambda console, under 'Environment variables', I added a key 'LD_LIBRARY_PATH' with value '/var/task'.
I'm not sure if I needed both those changes to fix my problem, but it works right now and after three days of troubleshooting I am afraid to touch it to see if it was one or the other that made it work.
It is perhaps too brutal, but would it be possible to use LD_PRELOAD to force using your preferred version of OpenSSL library?
AWS lambda runs code on an old version of amazon linux (amzn-ami-hvm-2017.03.1.20170812-x86_64-gp2) as mentioned in the official documentation
https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html
So to run code that depends on shared libraries, it needs to be compiled in the same environment so it can link correctly.
What I usually do in such cases is that I create a virtualenv using a docker container. The virtualenv can then be packaged with the lambda code.
Please note that if you need to install anything using yum (in the docker container), you must use the same release server as the amazon linux version:
yum --releasever=2017.03 install ...
The virtualenv can be built using an EC2 instance as well instead of a docker container (though I find the docker method easier). Just make sure that the AMI used for EC2 is the same as the one used by lambda.
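The ldd check and the LD_LIBRARY_PATH=/var/task setting from the answers above can be combined into one test of which copy of libssl and libcrypto the loader really picks. This is an added example, not code from any of the posts: the function names and the second sample are constructed, and the first sample reuses the two ldd lines quoted above.

```python
import re

# "name => /resolved/path (0xaddr)" or "name => not found".
# vdso lines, the loader's own line and `ldd -v` version sections do not match.
_LDD_LINE = re.compile(r"^\s*(?P<name>\S+)\s+=>\s+(?P<target>not found|/\S*)")

REQUIRED = ("libssl.so.10", "libcrypto.so.10")

# The two lines quoted in the answer (resolved on the EC2 build host).
EC2_LDD = """\
    libssl.so.10 => /lib64/libssl.so.10 (0x00007fd5f1892000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007fd5f1433000)
"""

# Constructed sample: only libcrypto was added to the zip, LD_LIBRARY_PATH=/var/task.
PARTIAL_LDD = """\
    linux-vdso.so.1 =>  (0x00007ffd2a5f0000)
    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000001000)
    libcrypto.so.10 => /var/task/libcrypto.so.10 (0x00007f0000002000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000003000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0000004000)
"""

def parse_ldd(ldd_output):
    """Map each dependency name to its resolved path, or None if not found."""
    resolved = {}
    for line in ldd_output.splitlines():
        m = _LDD_LINE.match(line)
        if m:
            target = m.group("target")
            resolved[m.group("name")] = None if target == "not found" else target
    return resolved

def outside_bundle(ldd_output, required=REQUIRED, bundle_root="/var/task"):
    """Return the required libraries that were not loaded from the bundle."""
    resolved = parse_ldd(ldd_output)
    prefix = bundle_root.rstrip("/") + "/"
    flagged = {}
    for lib in required:
        if lib not in resolved:
            flagged[lib] = "not listed"
        elif resolved[lib] is None:
            flagged[lib] = "not found"
        elif not resolved[lib].startswith(prefix):
            flagged[lib] = resolved[lib]
    return flagged

if __name__ == "__main__":
    print(outside_bundle(EC2_LDD))      # both come from /lib64
    print(outside_bundle(PARTIAL_LDD))  # libssl still comes from /lib64
```

A library that resolves under /var/task is the copy shipped in the zip, so it only changes when the package is rebuilt and redeployed.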

pycurl macOS Install issue

I need to install pycurl in order to run a python script, but I can't find the way to do it on macOS.
I have already tried brew and updating pip, but I always receive this error after running "pip install pycurl":
Collecting pycurl
Using cached https://files.pythonhosted.org/packages/e8/e4/0dbb8735407189f00b33d84122b9be52c790c7c3b25286826f4e1bdb7bde/pycurl-7.43.0.2.tar.gz
Complete output from command python setup.py egg_info:
Using curl-config (libcurl 7.54.0)
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/private/var/folders/vk/f193293d0pvd2ynlcpnyx9100000gn/T/pip-install-rxidIQ/pycurl/setup.py", line 913, in <module>
ext = get_extension(sys.argv, split_extension_source=split_extension_source)
File "/private/var/folders/vk/f193293d0pvd2ynlcpnyx9100000gn/T/pip-install-rxidIQ/pycurl/setup.py", line 582, in get_extension
ext_config = ExtensionConfiguration(argv)
File "/private/var/folders/vk/f193293d0pvd2ynlcpnyx9100000gn/T/pip-install-rxidIQ/pycurl/setup.py", line 99, in __init__
self.configure()
File "/private/var/folders/vk/f193293d0pvd2ynlcpnyx9100000gn/T/pip-install-rxidIQ/pycurl/setup.py", line 316, in configure_unix
specify the SSL backend manually.''')
__main__.ConfigurationError: Curl is configured to use SSL, but we have not been able to determine which SSL backend it is using. Please see PycURL documentation for how to specify the SSL backend manually.
Any suggestions?
Recent versions of curl support multiple SSL backends and pycurl is not able to decide which one is used at installation time. This is a known problem (https://github.com/pycurl/pycurl/issues/530) in 7.43.0.2. Lots of people say to install curl with openssl support, but on macOS it is better to use the default SecureTransport and let the system access the keychain instead of using the bundled certificates in openssl.
Try installing 7.43.0.1 to fix your problems.
pip install pycurl==7.43.0.1
If this doesn't work, execute this:
brew link curl
export LDFLAGS="-L/usr/local/opt/curl/lib"
export CPPFLAGS="-I/usr/local/opt/curl/include"
and try again
pip install pycurl==7.43.0.1
In order for PycURL to find the OpenSSL headers on macOS, we need to specify which SSL backend to use and where OpenSSL can be found:
pip install --install-option="--with-openssl" --install-option="--openssl-dir=/usr/local/opt/openssl" pycurl
That OpenSSL path will vary based on your installation. On Apple Silicon, this should work:
pip install --install-option="--with-openssl" --install-option="--openssl-dir=/opt/homebrew/opt/openssl" pycurl

How do I uninstall Amazon Elastic Beanstalk Command Line Interface?

I recently ran the following command to install the Amazon Elastic Beanstalk Command Line Interface (EB CLI). I would now like to remove it from my Windows 10 machine.
C:\Users\Cale>pip install --upgrade --user awsebcli
What is the best command to run to ensure that it's fully removed from my machine?
I was able to uninstall using the following command:
C:\Users\Cale>pip uninstall awsebcli
I was uncertain how to do the uninstall since I specified --user in the original install command. This Stack Overflow article helped me understand that the --user option would not matter during the uninstall process.
How to uninstall a package installed with pip install --user
For me, the awsebcli is not present in the pip list command that references the $PATH. I get this error:
Skipping awsebcli as it is not installed.
Apparently, it's on the pip executable(s) in this location (Windows, PowerShell format):
$env:userprofile\.ebcli-virtual-env\Scripts\
The uninstall command worked properly using one of those executables.
After that, it seems that deleting the .ebcli-virtual-env will remove it fully from the machine: How do I remove/delete a virtualenv? (disclaimer: I'm not a pythonista :) )

Synapse Home server(Matrix) not running

I have installed synapse using the following commands:
link: https://github.com/matrix-org/synapse
Installing prerequisites on Mac OS X:
xcode-select --install
sudo easy_install pip
sudo pip install virtualenv
brew install pkg-config libffi
To install the synapse homeserver run:
virtualenv -p python2.7 ~/.synapse
source ~/.synapse/bin/activate
pip install --upgrade setuptools
pip install https://github.com/matrix-org/synapse/tarball/master
Generate a configuration file
cd ~/.synapse
python -m synapse.app.homeserver \
--server-name my.domain.name \
--config-path homeserver.yaml \
--generate-config \
--report-stats=yes
To get started, it is easiest to use the command line to register new users:
$ source ~/.synapse/bin/activate
$ synctl start # if not already running
$ register_new_matrix_user -c homeserver.yaml https://localhost:8448
New user localpart: user123
Password:
Confirm password:
The server started successfully, but user registration failed, and
I opened "https://localhost:8448" in the browser and I got the following:
Can anybody help to solve this?
Your homeserver is probably not starting correctly. Try to get the JSON response about supported versions by executing the following in your shell:
curl https://localhost:8448/_matrix/client/versions -k
This should result in a JSON response listing protocol versions:
{
"versions": [
"r0.0.1",
"r0.1.0",
"r0.2.0"
]
}
If that's not working - to find out the real issue you can try:
Check if it's running at all with sudo service matrix-synapse status
Check the log file at /var/log/matrix-synapse/homeserver.log
I will update the answer, in case you can provide more details.
The web client should be accessible at the following URL:
https://localhost:8448/_matrix/client/
However the documentation states:
(The homeserver runs a web client by default at
https://localhost:8448/, though as of the time of writing it is
somewhat outdated and not really recommended -
https://github.com/matrix-org/synapse/issues/1527).
You should use a client such as the one at https://riot.im/app/

Installed Django with PIP, django.admin.py returns command not found. What am I doing wrong?

I installed django 1.5.1 with PIP.
I am trying to learn Django, and tried to make a test project.
When I run pip freeze, it returns Django==1.5.1 as one of my installed packages.
When I run django-admin.py startproject test_project it returns, -bash: django-admin.py: command not found.
I cannot start this test project. Any advice as to how I can start a new django project?
I am on a Mac OSX 10.5.8.
I found the solution on this page.
I was able to solve my path issue by running:
sudo ln -s /usr/local/lib/python2.7/site-packages/django/bin/django-admin.py /usr/local/bin/django-admin.py
This created a "Permission Denied" error though. I was able to solve that issue by running:
sudo chmod +x /usr/local/bin/django-admin.py
django-admin.py is now working.
I have used the following command to install (/usr/local/bin)
pip install django
django-admin startproject mysite
