Certbot Requires Python 2.7

This article describes how to use certbot with Python 2.7.  The assumption is that you have already installed certbot.

At the bottom of this article, is a related post on how to install Python 2.7.  After installing Python, install/run certbot.

A shortcut,

run a command within a temporary environment, like this functional example below.

scl enable python27 '/opt/certbot-auto help'

To run certbot, enable python 2.7 first, then run the certbot commands.

scl enable python27 bash

If, however, you are still getting errors about Python 2.6.  A likely cause is that certbot was run prior to installing Python 2.7. Since certbot created a virtual environment with symbolic links to the incorrect version of Python, I exited certbot and deleted the virtual environment.  Do this with caution as I don’t know what this may have effected, it didn’t seem to negatively impact anything I was working on.

Anyway, while still using python 2.7, attempt to run certbot again.  A new virtual environment is created and it works.

[root@python opt]# ./certbot-auto help

-------------------------------------------------------------------------------

certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. The most common SUBCOMMANDS and flags are:

obtain, install, and renew certificates:
(default) run   Obtain & install a certificate in your current webserver
certonly        Obtain or renew a certificate, but do not install it
renew           Renew all previously obtained certificates that are near expiry
-d DOMAINS       Comma-separated list of domains to obtain a certificate for

--apache          Use the Apache plugin for authentication & installation
--standalone      Run a standalone webserver for authentication
--nginx           Use the Nginx plugin for authentication & installation
--webroot         Place files in a server's webroot folder for authentication
--manual          Obtain certificates interactively, or using shell script hooks

-n               Run non-interactively
--test-cert       Obtain a test certificate from a staging server
--dry-run         Test "renew" or "certonly" without saving any certificates to disk

manage certificates:
certificates    Display information about certificates you have from Certbot
revoke          Revoke a certificate (supply --cert-path)
delete          Delete a certificate

manage your account with Let's Encrypt:
register        Create a Let's Encrypt ACME account
--agree-tos       Agree to the ACME server's Subscriber Agreement
-m EMAIL         Email address for important account notifications

More detailed help:

-h, --help [TOPIC]    print this message, or detailed help on a topic;
the available TOPICS are:

all, automation, commands, paths, security, testing, or any of the
subcommands or plugins (certonly, renew, install, register, nginx,
apache, standalone, webroot, etc.)
-------------------------------------------------------------------------------

An alternate untested approach is to hack out the depreciation warning for Python 2.6.

wget -nv -O /usr/local/bin/certbot-auto https://dl.eff.org/certbot-auto
chmod +x /usr/local/bin/certbot-auto
/usr/local/bin/certbot-auto --non-interactive
sed -i 's/python2$/python2 -W ignore::DeprecationWarning/' ~/.local/share/letsencrypt/bin/letsencrypt
/usr/local/bin/certbot-auto certonly --standalone --preferred-challenges tls-sni-01 -d "$HOSTNAME"

Source(s)

  • http://blog.leifmadsen.com/blog/2017/01/03/installing-python-2.7-on-centos-6.x/
  • https://access.redhat.com/documentation/en-us/red_hat_software_collections/1/html/packaging_guide/sect-testing_the_h2m144_software_collection
  • http://mirror.centos.org/centos/6/sclo/x86_64/rh/
  • http://mirror.centos.org/centos/7/sclo/x86_64/rh/