I'm trying to write a script which will update the letsencrypt cert automatically via cronjob on up-to-date CentOS6.x.
To do that I wrote have following script:
#!/bin/sh
#
# get newest "Let's Encrypt" version
#
cd /opt/letsencrypt
git pull
# bug fix #201600233: update pip
echo "****************************************************************"
echo pip --version
pip --version
echo "****************************************************************"
pip install --upgrade pip
#
# update certs
#
# stop httpd
/etc/init.d/httpd stop
# renew certs
/opt/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1
LE_STATUS=$?
# start httpd
/etc/init.d/httpd start
# check "Let's Encrypt" result
if [ "$LE_STATUS" != 0 ]; then
echo Automated renewal failed:
cat /var/log/letsencrypt/renew.log
exit 1
fi
Every time if I execute this script from commad line all is fine. The script is running without any errors. But every time when I start the script via cronjob I get the error
You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Not sure why these occurres ... Are there any environment variables missing?
Here all of the output of the cronjob. Note also that the cronjob output says that the pip version is "8.1.2".
Already up-to-date.
****************************************************************
pip --version
pip 8.1.2 from /usr/lib/python2.6/site-packages (python 2.6)
****************************************************************
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Requirement already up-to-date: pip in /usr/lib/python2.6/site-packages
httpd beenden: [ OK ]^M
httpd starten: [ OK ]^M
Automated renewal failed:
Bootstrapping dependencies for RedHat-based OSes...
yum ist /usr/bin/yum
Geladene Plugins: fastestmirror, refresh-packagekit, security, verify
Einrichten des Installationsprozess
Loading mirror speeds from cached hostfile
* base: centosmirror.netcup.net
* epel: mirrors.n-ix.net
* extras: centosmirror.netcup.net
* updates: mirror.ratiokontakt.de
* webtatic: uk.repo.webtatic.com
Paket gcc-4.4.7-17.el6.x86_64 ist bereits in der neusten Version installiert.
Paket dialog-1.1-9.20080819.1.el6.x86_64 ist bereits in der neusten Version installiert.
Paket augeas-libs-1.0.0-10.el6.x86_64 ist bereits in der neusten Version installiert.
Paket openssl-1.0.1e-48.el6_8.1.x86_64 ist bereits in der neusten Version installiert.
Paket openssl-devel-1.0.1e-48.el6_8.1.x86_64 ist bereits in der neusten Version installiert.
Paket libffi-devel-3.0.5-3.2.el6.x86_64 ist bereits in der neusten Version installiert.
Paket redhat-rpm-config-9.0.3-51.el6.centos.noarch ist bereits in der neusten Version installiert.
Paket ca-certificates-2015.2.6-65.0.1.el6_7.noarch ist bereits in der neusten Version installiert.
Paket python-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-devel-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-virtualenv-1.10.1-1.el6.noarch ist bereits in der neusten Version installiert.
Paket python-tools-2.6.6-64.el6.x86_64 ist bereits in der neusten Version installiert.
Paket python-pip-7.1.0-1.el6.noarch ist bereits in der neusten Version installiert.
Paket 1:mod_ssl-2.2.15-53.el6.centos.x86_64 ist bereits in der neusten Version installiert.
Nichts zu tun
Creating virtual environment...
Installing Python packages...
Had a problem while installing Python packages:
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Requirement already satisfied (use --upgrade to upgrade): argparse==1.4.0 in /.local/share/letsencrypt/lib/python2.6/site-packages (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 5))
Collecting pycparser==2.14 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 11))
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
SNIMissingWarning
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Downloading pycparser-2.14.tar.gz (223kB)
Collecting cffi==1.4.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 14))
Downloading cffi-1.4.2.tar.gz (365kB)
Collecting ConfigArgParse==0.10.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 31))
Downloading ConfigArgParse-0.10.0.tar.gz
Collecting configobj==5.0.6 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 33))
Downloading configobj-5.0.6.tar.gz
Collecting cryptography==1.2.3 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
Downloading cryptography-1.2.3.tar.gz (373kB)
Collecting enum34==1.1.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 57))
Downloading enum34-1.1.2.tar.gz (46kB)
Collecting funcsigs==0.4 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 60))
Downloading funcsigs-0.4-py2.py3-none-any.whl
Collecting idna==2.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 63))
Downloading idna-2.0-py2.py3-none-any.whl (61kB)
Collecting ipaddress==1.0.16 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 66))
Downloading ipaddress-1.0.16.tar.gz
Collecting linecache2==1.0.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 69))
Downloading linecache2-1.0.0-py2.py3-none-any.whl
Collecting ndg-httpsclient==0.4.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 72))
Downloading ndg_httpsclient-0.4.0.tar.gz
Collecting ordereddict==1.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 74))
Downloading ordereddict-1.1.tar.gz
Collecting parsedatetime==2.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 76))
Downloading parsedatetime-2.1-py2-none-any.whl
Collecting pbr==1.8.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 79))
Downloading pbr-1.8.1-py2.py3-none-any.whl (89kB)
Collecting psutil==3.3.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 82))
Downloading psutil-3.3.0.tar.gz (261kB)
Collecting pyasn1==0.1.9 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 104))
Downloading pyasn1-0.1.9-py2.py3-none-any.whl
Collecting pyOpenSSL==0.15.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 116))
Downloading pyOpenSSL-0.15.1-py2.py3-none-any.whl (102kB)
Collecting pyRFC3339==1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 119))
Downloading pyRFC3339-1.0-py2.py3-none-any.whl
Collecting python-augeas==0.5.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 122))
Downloading python-augeas-0.5.0.tar.gz (90kB)
Collecting python2-pythondialog==3.3.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 124))
Downloading python2-pythondialog-3.3.0.tar.bz2 (1.8MB)
Collecting pytz==2015.7 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 127))
Downloading pytz-2015.7-py2.py3-none-any.whl (476kB)
Collecting requests==2.9.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 141))
Downloading requests-2.9.1-py2.py3-none-any.whl (501kB)
Collecting six==1.10.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 144))
Downloading six-1.10.0-py2.py3-none-any.whl
Collecting traceback2==1.4.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 147))
Downloading traceback2-1.4.0-py2.py3-none-any.whl
Collecting unittest2==1.1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 150))
Downloading unittest2-1.1.0-py2.py3-none-any.whl (96kB)
Collecting zope.component==4.2.2 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 153))
Downloading zope.component-4.2.2.tar.gz (546kB)
Collecting zope.event==4.1.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 155))
Downloading zope.event-4.1.0.tar.gz (476kB)
Collecting zope.interface==4.1.3 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 157))
Downloading zope.interface-4.1.3.tar.gz (141kB)
Collecting mock==1.0.1 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 175))
Downloading mock-1.0.1.zip (861kB)
Collecting letsencrypt==0.7.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 178))
Downloading letsencrypt-0.7.0-py2-none-any.whl
Collecting acme==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 184))
Downloading acme-0.8.0-py2.py3-none-any.whl (91kB)
Collecting certbot==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 187))
Downloading certbot-0.8.0-py2-none-any.whl (215kB)
Collecting certbot-apache==0.8.0 (from -r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 190))
Downloading certbot_apache-0.8.0-py2-none-any.whl (103kB)
Collecting setuptools>=1.0 (from cryptography==1.2.3->-r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
setuptools>=1.0 from https://pypi.python.org/packages/a6/2b/803bd512ae9a69164ccfc29d289c99fa1b50cdfeb57aa3ab2239094e4751/setuptools-22.0.2-py2.py3-none-any.whl#md5=51dcd17dd15db58ee090565e99b0e94d (from cryptography==1.2.3->-r /tmp/tmp.8WY1y3IFg4/letsencrypt-auto-requirements.txt (line 35))
//.local/share/letsencrypt/lib64/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
At first: Thanks to "Jeremy Dover". Your comments was very helpful for me! :-)
After I have set the
HOME
environment variable to/root
it works. Seems that letsencrypt takes the pip installation anywhere from/root/.local/share/letsencrypt/
(because I have installed letsencrypt as root user) and when the HOME variable was not correct set letsencrypt cannot found it...