Linux – ページ 2 – igreks開発日記

CentOS7にmysqlインストール

1.mariaDBの削除

CentOS7にはデフォルトで競合するmariaDBが入っているので削除する

・mariaDBのインストール確認

$ rpm -qa | grep maria
mariadb-libs-5.5.52-1.el7.x86_64

1 2	$ rpm -qa \| grep maria mariadb-libs-5.5.52-1.el7.x86_64

・mariaDBとデータ削除

$ sudo yum remove mariadb-libs
$ sudo rm -rf /var/lib/mysql

1 2	$ sudo yum remove mariadb-libs $ sudo rm -rf /var/lib/mysql

2.MySQL5.7のインストール

・公式リポジトリ追加

本記事執筆時では、mysql57-community-release-el7-11.noarch.rpmが最新のよう。

# rpm -Uvh http://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm

1	# rpm -Uvh http://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm

・インストール

# yum install -y --enablerepo=mysql57-community mysql-community-server

1	# yum install -y --enablerepo=mysql57-community mysql-community-server

・確認する

# mysqld --version
mysqld Ver 5.7.18 for Linux on x86_64 (MySQL Community Server (GPL))

1 2	# mysqld --version mysqld Ver 5.7.18 for Linux on x86_64 (MySQL Community Server (GPL))

・自動起動設定

# systemctl enable mysqld.service

1	# systemctl enable mysqld.service

・起動する

# systemctl start mysqld.service

1	# systemctl start mysqld.service

3.mysqlに入る

・初期パスワード確認

# grep 'temporary password' /var/log/mysqld.log
2017-08-23T12:11:58.756355Z 1 [Note] A temporary password is generated for root@localhost: ******

1 2	# grep 'temporary password' /var/log/mysqld.log 2017-08-23T12:11:58.756355Z 1 [Note] A temporary password is generated for root@localhost: ******

・******の部分がパスワード。このパスワードを使って入る。

$ mysql -uroot -p
Enter password: ******
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.18
　　：

$ mysql -uroot -p

Enter password: ******

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 5

Server version: 5.7.18

　　：

・SQL発行の前に、新しいパスワードを設定する必要があるので設定する。

$ mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'ThisIsNewPasswd!';
Query OK, 0 rows affected (0.00 sec)

1 2	$ mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'ThisIsNewPasswd!'; Query OK, 0 rows affected (0.00 sec)

・ちなみにパスワードの強度が低いと怒られて変更できない。

$ mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '12345678';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

1 2	$ mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '12345678'; ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

・SQL発行テスト

$ mysql> select host, user from mysql.user;
+-----------+-----------+
| host | user |
+-----------+-----------+
| localhost | mysql.sys |
| localhost | root |
+-----------+-----------+
2 rows in set (0.00 sec)

$ mysql> select host, user from mysql.user;

+-----------+-----------+

| host | user |

+-----------+-----------+

| localhost | mysql.sys |

| localhost | root |

+-----------+-----------+

2 rows in set (0.00 sec)

これでOK。

参考URL）

CentOS7でSSHのポート変更

現在の状態を確認

# firewall-cmd --list-all
    ↓
public (default, active)
interfaces: eth0 eth1
sources: 
services: dhcpv6-client ssh
ports: 
masquerade: no
forward-ports: 
icmp-blocks: 
rich rules:

# firewall-cmd --list-all

↓

public (default, active)

interfaces: eth0 eth1

sources:

services: dhcpv6-client ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

sshd_configの修正

# vi /etc/ssh/sshd_config
   ↓
- # Port 22
+ Port 10022

# vi /etc/ssh/sshd_config

↓

- # Port 22

+ Port 10022

sshd再起動

# systemctl restart sshd.service

1	# systemctl restart sshd.service

firewalldの設定からSSHを削除

# firewall-cmd --remove-service=ssh --zone=public --permanent

1	# firewall-cmd --remove-service=ssh --zone=public --permanent

firewalldの設定にssh-10022を追加

既存のssh.xmlをコピーしてssh-10022.xmlを作成する

# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh-10022.xml

1	# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh-10022.xml

ssh-10022.xmlファイル内のポート番号を22から10022に変更する

# vi /etc/firewalld/services/ssh-10022.xml
    ↓
- <port protocol="tcp" port="22"/>
+ <port protocol="tcp" port="10022"/>

# vi /etc/firewalld/services/ssh-10022.xml

↓

- <port protocol="tcp" port="22"/>

+ <port protocol="tcp" port="10022"/>

ファイアウォール設定に追加

# firewall-cmd --add-service=ssh-10022 --zone=public --permanent

1	# firewall-cmd --add-service=ssh-10022 --zone=public --permanent

firewalldをリロード

# firewall-cmd --reload

1	# firewall-cmd --reload

変更後の状態を確認

# firewall-cmd --list-all
   ↓
public (default, active)
interfaces: eth0 eth1
sources:
services: dhcpv6-client ssh-10022
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

# firewall-cmd --list-all

↓

public (default, active)

interfaces: eth0 eth1

sources:

services: dhcpv6-client ssh-10022

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

参考URL）

http://qiita.com/fk_2000/items/019b62818e34be973227

CentOS7でファイアウォールの設定

サービス状態確認

# systemctl status firewalld.service
      ↓
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)

# systemctl status firewalld.service

↓

● firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

Active: inactive (dead)

※”…/firewalld.service; disabled;”になっているので自動起動無効

自動起動するように設定

# systemctl enable firewalld.service

1	# systemctl enable firewalld.service

サービス起動

# systemctl start firewalld.service

1	# systemctl start firewalld.service

現在の有効な設定を確認

# firewall-cmd --list-services --zone=public --permanent
    ↓
dhcpv6-client

# firewall-cmd --list-services --zone=public --permanent

↓

dhcpv6-client

sshの設定を追加（22番ポートを許可）

# firewall-cmd --add-service=ssh --zone=public --permanent

1	# firewall-cmd --add-service=ssh --zone=public --permanent

mysqlの設定を追加（3306番ポートを許可）

# firewall-cmd --add-service=mysql --zone=public --permanent

1	# firewall-cmd --add-service=mysql --zone=public --permanent

削除する場合

# firewall-cmd --remove-service=ssh --zone=public --permanent

1	# firewall-cmd --remove-service=ssh --zone=public --permanent

設定一覧を表示（必要に応じて）

# ls -lta /usr/lib/firewalld/services/

1	# ls -lta /usr/lib/firewalld/services/

再度設定を確認

# firewall-cmd --list-services --zone=public --permanent
    ↓
dhcpv6-client mysql ssh

# firewall-cmd --list-services --zone=public --permanent

↓

dhcpv6-client mysql ssh

※mysqlとsshが追加された

ちなみにiptables使う場合

※インストール方法は割愛
※firewalldと併用でないのでiptablesを使う場合はfirewalldは停止する

INPUT基本方針
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Localhostは許可
# iptables -A INPUT -i lo -j ACCEPT

sshを許可
# iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

mysqlを許可
# iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

上記以外は拒否するポリシーに設定
# iptables -P INPUT DROP

INPUT基本方針

# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Localhostは許可

# iptables -A INPUT -i lo -j ACCEPT

sshを許可

# iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

mysqlを許可

# iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

上記以外は拒否するポリシーに設定

# iptables -P INPUT DROP

参考URL）

http://qiita.com/haminiku/items/56fcb578d86abcd0b571

CentOS7でのサービス起動・停止・自動起動設定など

サービス一覧と自動起動設定の確認

CentOS6まで

# chkconfig --list

1	# chkconfig --list

CentOS7から

# systemctl list-unit-files -t service

1	# systemctl list-unit-files -t service

enabled →自動起動有効
disabled →自動起動無効
static →単体で自動起動設定ができないサービス

個別に確認したい場合

CentOS6まで

# /etc/rc.d/init.d/"サービス名" status

1	# /etc/rc.d/init.d/"サービス名" status

CentOS7から

# systemctl status "サービス名(Unit名)"

1	# systemctl status "サービス名(Unit名)"

例：sshdの状態確認

# systemctl status sshd.service

1	# systemctl status sshd.service

“…/”Unit名”; eabled;” →自動起動有効
“…/”Unit名”; disabled;” →自動起動無効

Active: active (running) →サービス起動中
Active: inactive (dead) →サービス停止中

自動起動の設定

CentOS6まで

# chkconfig "サービス名" on/off

1	# chkconfig "サービス名" on/off

CentOS7から

# systemctl enable/disable "サービス名(Unit名)"

1	# systemctl enable/disable "サービス名(Unit名)"

例：sshdの自動起動設定

# systemctl enable sshd.service

1	# systemctl enable sshd.service

起動・停止・リスタート・リロード

CentOS6まで

# /etc/rc.d/init.d/"サービス名" "やりたいこと"

1	# /etc/rc.d/init.d/"サービス名" "やりたいこと"

CentOS7から

# systemctl "やりたいこと" "サービス名(Unit名)"

1	# systemctl "やりたいこと" "サービス名(Unit名)"

例：sshdを起動するとき

# systemctl start sshd.service

1	# systemctl start sshd.service

参考URL）
http://qiita.com/haisaihiroki/items/c38cb3c0a331db9b6f69

apacheのバーチャルホスト設定

すでにバーチャルホスト無しで動いている環境で、バーチャルホストを追加する場合の設定。すぐ忘れるのでメモ。

以下条件。極力オリジナルのhttpd.confは触らない方針で。

OS：CentOS 5.5
WEBサーバ：Apache 2.2.3
apache設定ファイルを置くディレクトリ：/etc/httpd/conf.d

最初にまず、デフォルトのServerNameを無効化。

vi /etc/httpd/conf/httpd.conf

1	vi /etc/httpd/conf/httpd.conf

ServerName www.example.com:80
　　↓
#ServerName www.example.com:80

ServerName www.example.com:80

　　↓

#ServerName www.example.com:80

バーチャルホスト用の設定ファイルを作る。

vi /etc/httpd/conf.d/vhost.conf

1	vi /etc/httpd/conf.d/vhost.conf

以下のように記述。
ポイントは、デフォルトのドメインでアクセスしたときの設定も<VirtualHost>ディレクティブで改めてしなければならないということ。
つまりバーチャルで追加したいFQDNのバーチャルホスト設定をしただけではダメ。

# Nameベースのバーチャルホスト利用を宣言
NameVirtualHost *:80
#NameVirtualHost *:443 # SSLの設定もする場合。たいていssl.confで宣言されているので不要

# デフォルトドメインでアクセスされた時の設定ここから #########
<VirtualHost *:80> # もしくは _default_:80

  DocumentRoot /var/www/html
  ServerName origin.com:80

  <Directory "/var/www/html">
    Options -Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

</VirtualHost>

# SSLの設定はssl.confに準じているので特に不要
# 設定を上書きしたいときはここに書く

# デフォルトドメインでアクセスされた時の設定ここまで #########


# ここから本来追加したいバーチャルホストの設定

# バーチャルホスト1つ目の設定ここから #####################
<VirtualHost *:80>

    DocumentRoot /home/hoge/hoge.com
    # 備考
    #/home/user以下をDocumentRootにしたい場合は、/home/userの
    #パーミッションが700だと403エラーになるので、755や705にする必要がある。
    ServerName hoge.com.com:80
    # ログ出力を分けたい場合
    ErrorLog logs/hoge.com-error_log
    CustomLog logs/hoge.com-access_log common

  <Directory "/home/hoge/hoge.com">
    Options -Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

</VirtualHost>

# SSLの設定もする場合
<VirtualHost *:443>

   DocumentRoot /home/hoge/hoge.com
   ServerName hoge.com:443
   # ログ出力を分けたい場合
   ErrorLog logs/hoge.com-ssl_error_log
   TransferLog logs/hoge.com-ssl_access_log
   LogLevel warn

   <Directory "/home/hoge/hoge.com">
     Options -Indexes FollowSymLinks
     AllowOverride All
     Order allow,deny
     Allow from all
   </Directory>

   SSLEngine on

   # SSLv2,v3は使わない
   SSLProtocol all -SSLv2 -SSLv3

   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
   # サーバ証明書などの場所
   SSLCertificateFile /etc/httpd/conf/ssl.crt/hoge.com.cer
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key/hoge.com.key
   SSLCertificateChainFile /etc/httpd/conf/ssl.crt/cacert.cer

   # この辺以下は一緒
   <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
   </Files>

   <Directory "/var/www/cgi-bin">
      SSLOptions +StdEnvVars
   </Directory>

   SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

   # ログ出力を分けたい場合
   CustomLog logs/hoge.com-ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
# バーチャルホスト1つ目の設定ここまで ####################

# 他にもバーチャルホストを作る場合、上記をコピペしてここに同じように書く

# Nameベースのバーチャルホスト利用を宣言

NameVirtualHost *:80

#NameVirtualHost *:443 # SSLの設定もする場合。たいていssl.confで宣言されているので不要

# デフォルトドメインでアクセスされた時の設定ここから #########

<VirtualHost *:80> # もしくは _default_:80

DocumentRoot /var/www/html

ServerName origin.com:80

Options -Indexes FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all

</Directory>

</VirtualHost>

# SSLの設定はssl.confに準じているので特に不要

# 設定を上書きしたいときはここに書く

# デフォルトドメインでアクセスされた時の設定ここまで #########

# ここから本来追加したいバーチャルホストの設定

# バーチャルホスト1つ目の設定ここから #####################

DocumentRoot /home/hoge/hoge.com

# 備考

#/home/user以下をDocumentRootにしたい場合は、/home/userの

#パーミッションが700だと403エラーになるので、755や705にする必要がある。

ServerName hoge.com.com:80

# ログ出力を分けたい場合

ErrorLog logs/hoge.com-error_log

CustomLog logs/hoge.com-access_log common

Options -Indexes FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all

</Directory>

</VirtualHost>

# SSLの設定もする場合

DocumentRoot /home/hoge/hoge.com

ServerName hoge.com:443

# ログ出力を分けたい場合

ErrorLog logs/hoge.com-ssl_error_log

TransferLog logs/hoge.com-ssl_access_log

LogLevel warn

Options -Indexes FollowSymLinks

AllowOverride All

Order allow,deny

Allow from all

</Directory>

SSLEngine on

# SSLv2,v3は使わない

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

# サーバ証明書などの場所

SSLCertificateFile /etc/httpd/conf/ssl.crt/hoge.com.cer

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/hoge.com.key

SSLCertificateChainFile /etc/httpd/conf/ssl.crt/cacert.cer

# この辺以下は一緒

SSLOptions +StdEnvVars

</Files>

SSLOptions +StdEnvVars

</Directory>

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

# ログ出力を分けたい場合

CustomLog logs/hoge.com-ssl_request_log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

# バーチャルホスト1つ目の設定ここまで ####################

# 他にもバーチャルホストを作る場合、上記をコピペしてここに同じように書く

参考URL）

http://qiita.com/zaburo/items/b9c3c8c541ffd16797fc

メール本文にピリオド（.）のみの行がある場合の対処

今更感がありますが、、。

SMTP通信上は、原則ピリオドのみの行（正確にはCRLF.CRLF）はメールの終わりを意味します。

本文にこれらが含まれていた場合、以降のデータが無視されてしまいますので、SMTPとPOPのルール上は、本文にピリオドのみの行があった場合には、送信時にピリオドをさらに1つつけ、受信時（POP処理時）には1つピリオドを落とします。

sendmailでは-iオプションで送信時に上記の処理を勝手にやってくれます。（逆に-iオプションを付けないとデフォルトでピリオドだけの行を終端と見なし以降は無視される、という仕様に驚き）

例

sendmail -i -f from@example.com -t to@example.com

1	sendmail -i -f from@example.com -t to@example.com

qmailやPostfixで、sendmailラッパを利用している場合でも、きちんと動作します。

参考サイト）

https://fumiyas.github.io/2014/12/13/sendmail.postfix-advent-calendar.html

またまたcerbot-auto renewでエラー

以前書いた記事とは異なる現象。

CRONで自動更新設定したはずなのに、なーんかまた更新案内メール来てるので、、。

どうやら今回は下記のエラーが発生している模様。

$ sudo /usr/local/src/letsencrypt/certbot-auto renew                          

Upgrading certbot-auto 0.12.0 to 0.14.1...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Had a problem while installing Python packages.

pip prints the following errors: 
=====================================================
Collecting argparse==1.4.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 11))
  Downloading argparse-1.4.0-py2.py3-none-any.whl
Collecting pycparser==2.14 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 17))
  Downloading pycparser-2.14.tar.gz (223kB)
Collecting cffi==1.4.2 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 21))
  Downloading cffi-1.4.2.tar.gz (365kB)
Collecting ConfigArgParse==0.10.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 38))
  Downloading ConfigArgParse-0.10.0.tar.gz
Collecting configobj==5.0.6 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 40))
  Downloading configobj-5.0.6.tar.gz
Collecting cryptography==1.5.3 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 42))
  Downloading cryptography-1.5.3.tar.gz (400kB)
Collecting enum34==1.1.2 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 65))
  Downloading enum34-1.1.2.tar.gz (46kB)
Collecting funcsigs==0.4 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 68))
  Downloading funcsigs-0.4-py2.py3-none-any.whl
Collecting idna==2.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 71))
  Downloading idna-2.0-py2.py3-none-any.whl (61kB)
Collecting ipaddress==1.0.16 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 74))
  Downloading ipaddress-1.0.16-py27-none-any.whl
Collecting linecache2==1.0.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 77))
  Downloading linecache2-1.0.0-py2.py3-none-any.whl
Collecting ordereddict==1.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 80))
  Downloading ordereddict-1.1.tar.gz
Collecting parsedatetime==2.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 82))
  Downloading parsedatetime-2.1-py2-none-any.whl
Collecting pbr==1.8.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 85))
  Downloading pbr-1.8.1-py2.py3-none-any.whl (89kB)
Collecting pyasn1==0.1.9 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 88))
  Downloading pyasn1-0.1.9-py2.py3-none-any.whl
Collecting pyOpenSSL==16.2.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 100))
  Downloading pyOpenSSL-16.2.0-py2.py3-none-any.whl (43kB)
Collecting pyparsing==2.1.8 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 103))
  Downloading pyparsing-2.1.8-py2.py3-none-any.whl (54kB)
Collecting pyRFC3339==1.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 112))
  Downloading pyRFC3339-1.0-py2.py3-none-any.whl
Collecting python-augeas==0.5.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 115))
  Downloading python-augeas-0.5.0.tar.gz (90kB)
Collecting pytz==2015.7 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 117))
  Downloading pytz-2015.7-py2.py3-none-any.whl (476kB)
Collecting requests==2.12.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 131))
  Downloading requests-2.12.1-py2.py3-none-any.whl (574kB)
Requirement already satisfied (use --upgrade to upgrade): six==1.10.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 134))
Collecting traceback2==1.4.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 137))
  Downloading traceback2-1.4.0-py2.py3-none-any.whl
Collecting unittest2==1.1.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 140))
  Downloading unittest2-1.1.0-py2.py3-none-any.whl (96kB)
Collecting zope.component==4.2.2 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 143))
  Downloading zope.component-4.2.2.tar.gz (546kB)
Collecting zope.event==4.1.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 145))
  Downloading zope.event-4.1.0.tar.gz (476kB)
Collecting zope.interface==4.1.3 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 147))
  Downloading zope.interface-4.1.3.tar.gz (141kB)
Collecting mock==1.0.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 165))
  Downloading mock-1.0.1.zip (861kB)
Collecting letsencrypt==0.7.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 168))
  Downloading letsencrypt-0.7.0-py2-none-any.whl
Collecting acme==0.14.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 174))
  Downloading acme-0.14.1-py2.py3-none-any.whl (96kB)
Collecting certbot==0.14.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 177))
  Downloading certbot-0.14.1-py2.py3-none-any.whl (248kB)
Collecting certbot-apache==0.14.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 180))
  Downloading certbot_apache-0.14.1-py2.py3-none-any.whl (134kB)
Collecting certbot-nginx==0.14.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 183))
  Downloading certbot_nginx-0.14.1-py2.py3-none-any.whl (64kB)
Requirement already satisfied (use --upgrade to upgrade): setuptools>=11.3 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography==1.5.3->-r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 42))
Installing collected packages: argparse, pycparser, cffi, ConfigArgParse, configobj, idna, pyasn1, enum34, ipaddress, cryptography, funcsigs, linecache2, ordereddict, parsedatetime, pbr, pyOpenSSL, pyparsing, pytz, pyRFC3339, python-augeas, requests, traceback2, unittest2, zope.interface, zope.event, zope.component, mock, acme, certbot, letsencrypt, certbot-apache, certbot-nginx
  Running setup.py install for pycparser: started
    Running setup.py install for pycparser: finished with status 'done'
  Running setup.py install for cffi: started
    Running setup.py install for cffi: finished with status 'done'
  Running setup.py install for ConfigArgParse: started
    Running setup.py install for ConfigArgParse: finished with status 'done'
  Running setup.py install for configobj: started
    Running setup.py install for configobj: finished with status 'done'
  Running setup.py install for enum34: started
    Running setup.py install for enum34: finished with status 'done'
  Running setup.py install for cryptography: started
    Running setup.py install for cryptography: finished with status 'error'
    Complete output from command /root/.local/share/letsencrypt/bin/python2.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-l6BZOB/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-n0qt5Y-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography:
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-2.7
    creating build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/__init__.py -> build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/exceptions.py -> build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/__about__.py -> build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/fernet.py -> build/lib.linux-x86_64-2.7/cryptography
    copying src/cryptography/utils.py -> build/lib.linux-x86_64-2.7/cryptography
    creating build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/base.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/name.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/extensions.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/oid.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    copying src/cryptography/x509/general_name.py -> build/lib.linux-x86_64-2.7/cryptography/x509
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat
    copying src/cryptography/hazmat/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings
    copying src/cryptography/hazmat/bindings/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/keywrap.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/padding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/serialization.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/constant_time.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    copying src/cryptography/hazmat/primitives/cmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends
    copying src/cryptography/hazmat/backends/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends
    copying src/cryptography/hazmat/backends/multibackend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends
    copying src/cryptography/hazmat/backends/interfaces.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto
    copying src/cryptography/hazmat/bindings/commoncrypto/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto
    copying src/cryptography/hazmat/bindings/commoncrypto/binding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl
    copying src/cryptography/hazmat/bindings/openssl/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl
    copying src/cryptography/hazmat/bindings/openssl/_conditional.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl
    copying src/cryptography/hazmat/bindings/openssl/binding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/interfaces
    copying src/cryptography/hazmat/primitives/interfaces/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/interfaces
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    copying src/cryptography/hazmat/primitives/twofactor/totp.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    copying src/cryptography/hazmat/primitives/twofactor/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    copying src/cryptography/hazmat/primitives/twofactor/hotp.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    copying src/cryptography/hazmat/primitives/twofactor/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/dsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/padding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/ec.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/rsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    copying src/cryptography/hazmat/primitives/asymmetric/dh.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    copying src/cryptography/hazmat/primitives/ciphers/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    copying src/cryptography/hazmat/primitives/ciphers/base.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    copying src/cryptography/hazmat/primitives/ciphers/algorithms.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    copying src/cryptography/hazmat/primitives/ciphers/modes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/hkdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/concatkdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/pbkdf2.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/kbkdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    copying src/cryptography/hazmat/primitives/kdf/x963kdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/backend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    copying src/cryptography/hazmat/backends/commoncrypto/ciphers.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto
    creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/dsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/x509.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/backend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/ec.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/cmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/ciphers.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/rsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/decode_asn1.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    copying src/cryptography/hazmat/backends/openssl/encode_asn1.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl
    running egg_info
    writing requirements to src/cryptography.egg-info/requires.txt
    writing src/cryptography.egg-info/PKG-INFO
    writing top-level names to src/cryptography.egg-info/top_level.txt
    writing dependency_links to src/cryptography.egg-info/dependency_links.txt
    writing entry points to src/cryptography.egg-info/entry_points.txt
    warning: manifest_maker: standard file '-c' not found
    
    reading manifest file 'src/cryptography.egg-info/SOURCES.txt'
    reading manifest template 'MANIFEST.in'
    no previously-included directories found matching 'docs/_build'
    warning: no previously-included files matching '*' found under directory 'vectors'
    writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
    running build_ext
    generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
    creating build/temp.linux-x86_64-2.7
    generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
    generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
    building '_openssl' extension
    creating build/temp.linux-x86_64-2.7/build
    creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
    gcc -pthread -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
    virtual memory exhausted: Cannot allocate memory
    error: command 'gcc' failed with exit status 1
    
    ----------------------------------------
Command "/root/.local/share/letsencrypt/bin/python2.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-l6BZOB/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-n0qt5Y-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography" failed with error code 1 in /tmp/pip-build-l6BZOB/cryptography
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
=====================================================

Certbot has problem setting up the virtual environment.

Based on your pip output, the problem can likely be fixed by 
increasing the available memory.

Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

$ sudo /usr/local/src/letsencrypt/certbot-auto renew

Upgrading certbot-auto 0.12.0 to 0.14.1...

Replacing certbot-auto...

Creating virtual environment...

Installing Python packages...

Had a problem while installing Python packages.

pip prints the following errors:

=====================================================

Collecting argparse==1.4.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 11))

Downloading argparse-1.4.0-py2.py3-none-any.whl

Collecting pycparser==2.14 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 17))

Downloading pycparser-2.14.tar.gz (223kB)

Collecting cffi==1.4.2 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 21))

Downloading cffi-1.4.2.tar.gz (365kB)

Collecting ConfigArgParse==0.10.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 38))

Downloading ConfigArgParse-0.10.0.tar.gz

Collecting configobj==5.0.6 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 40))

Downloading configobj-5.0.6.tar.gz

Collecting cryptography==1.5.3 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 42))

Downloading cryptography-1.5.3.tar.gz (400kB)

Collecting enum34==1.1.2 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 65))

Downloading enum34-1.1.2.tar.gz (46kB)

Collecting funcsigs==0.4 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 68))

Downloading funcsigs-0.4-py2.py3-none-any.whl

Collecting idna==2.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 71))

Downloading idna-2.0-py2.py3-none-any.whl (61kB)

Collecting ipaddress==1.0.16 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 74))

Downloading ipaddress-1.0.16-py27-none-any.whl

Collecting linecache2==1.0.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 77))

Downloading linecache2-1.0.0-py2.py3-none-any.whl

Collecting ordereddict==1.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 80))

Downloading ordereddict-1.1.tar.gz

Collecting parsedatetime==2.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 82))

Downloading parsedatetime-2.1-py2-none-any.whl

Collecting pbr==1.8.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 85))

Downloading pbr-1.8.1-py2.py3-none-any.whl (89kB)

Collecting pyasn1==0.1.9 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 88))

Downloading pyasn1-0.1.9-py2.py3-none-any.whl

Collecting pyOpenSSL==16.2.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 100))

Downloading pyOpenSSL-16.2.0-py2.py3-none-any.whl (43kB)

Collecting pyparsing==2.1.8 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 103))

Downloading pyparsing-2.1.8-py2.py3-none-any.whl (54kB)

Collecting pyRFC3339==1.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 112))

Downloading pyRFC3339-1.0-py2.py3-none-any.whl

Collecting python-augeas==0.5.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 115))

Downloading python-augeas-0.5.0.tar.gz (90kB)

Collecting pytz==2015.7 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 117))

Downloading pytz-2015.7-py2.py3-none-any.whl (476kB)

Collecting requests==2.12.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 131))

Downloading requests-2.12.1-py2.py3-none-any.whl (574kB)

Requirement already satisfied (use --upgrade to upgrade): six==1.10.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 134))

Collecting traceback2==1.4.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 137))

Downloading traceback2-1.4.0-py2.py3-none-any.whl

Collecting unittest2==1.1.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 140))

Downloading unittest2-1.1.0-py2.py3-none-any.whl (96kB)

Collecting zope.component==4.2.2 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 143))

Downloading zope.component-4.2.2.tar.gz (546kB)

Collecting zope.event==4.1.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 145))

Downloading zope.event-4.1.0.tar.gz (476kB)

Collecting zope.interface==4.1.3 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 147))

Downloading zope.interface-4.1.3.tar.gz (141kB)

Collecting mock==1.0.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 165))

Downloading mock-1.0.1.zip (861kB)

Collecting letsencrypt==0.7.0 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 168))

Downloading letsencrypt-0.7.0-py2-none-any.whl

Collecting acme==0.14.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 174))

Downloading acme-0.14.1-py2.py3-none-any.whl (96kB)

Collecting certbot==0.14.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 177))

Downloading certbot-0.14.1-py2.py3-none-any.whl (248kB)

Collecting certbot-apache==0.14.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 180))

Downloading certbot_apache-0.14.1-py2.py3-none-any.whl (134kB)

Collecting certbot-nginx==0.14.1 (from -r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 183))

Downloading certbot_nginx-0.14.1-py2.py3-none-any.whl (64kB)

Requirement already satisfied (use --upgrade to upgrade): setuptools>=11.3 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography==1.5.3->-r /tmp/tmp.sSOf1HDXvB/letsencrypt-auto-requirements.txt (line 42))

Installing collected packages: argparse, pycparser, cffi, ConfigArgParse, configobj, idna, pyasn1, enum34, ipaddress, cryptography, funcsigs, linecache2, ordereddict, parsedatetime, pbr, pyOpenSSL, pyparsing, pytz, pyRFC3339, python-augeas, requests, traceback2, unittest2, zope.interface, zope.event, zope.component, mock, acme, certbot, letsencrypt, certbot-apache, certbot-nginx

Running setup.py install for pycparser: started

Running setup.py install for pycparser: finished with status 'done'

Running setup.py install for cffi: started

Running setup.py install for cffi: finished with status 'done'

Running setup.py install for ConfigArgParse: started

Running setup.py install for ConfigArgParse: finished with status 'done'

Running setup.py install for configobj: started

Running setup.py install for configobj: finished with status 'done'

Running setup.py install for enum34: started

Running setup.py install for enum34: finished with status 'done'

Running setup.py install for cryptography: started

Running setup.py install for cryptography: finished with status 'error'

Complete output from command /root/.local/share/letsencrypt/bin/python2.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-l6BZOB/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-n0qt5Y-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography:

running install

running build

running build_py

creating build

creating build/lib.linux-x86_64-2.7

creating build/lib.linux-x86_64-2.7/cryptography

copying src/cryptography/__init__.py -> build/lib.linux-x86_64-2.7/cryptography

copying src/cryptography/exceptions.py -> build/lib.linux-x86_64-2.7/cryptography

copying src/cryptography/__about__.py -> build/lib.linux-x86_64-2.7/cryptography

copying src/cryptography/fernet.py -> build/lib.linux-x86_64-2.7/cryptography

copying src/cryptography/utils.py -> build/lib.linux-x86_64-2.7/cryptography

creating build/lib.linux-x86_64-2.7/cryptography/x509

copying src/cryptography/x509/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/x509

copying src/cryptography/x509/base.py -> build/lib.linux-x86_64-2.7/cryptography/x509

copying src/cryptography/x509/name.py -> build/lib.linux-x86_64-2.7/cryptography/x509

copying src/cryptography/x509/extensions.py -> build/lib.linux-x86_64-2.7/cryptography/x509

copying src/cryptography/x509/oid.py -> build/lib.linux-x86_64-2.7/cryptography/x509

copying src/cryptography/x509/general_name.py -> build/lib.linux-x86_64-2.7/cryptography/x509

creating build/lib.linux-x86_64-2.7/cryptography/hazmat

copying src/cryptography/hazmat/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings

copying src/cryptography/hazmat/bindings/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

copying src/cryptography/hazmat/primitives/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

copying src/cryptography/hazmat/primitives/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

copying src/cryptography/hazmat/primitives/keywrap.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

copying src/cryptography/hazmat/primitives/padding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

copying src/cryptography/hazmat/primitives/serialization.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

copying src/cryptography/hazmat/primitives/constant_time.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

copying src/cryptography/hazmat/primitives/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

copying src/cryptography/hazmat/primitives/cmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends

copying src/cryptography/hazmat/backends/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends

copying src/cryptography/hazmat/backends/multibackend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends

copying src/cryptography/hazmat/backends/interfaces.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto

copying src/cryptography/hazmat/bindings/commoncrypto/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto

copying src/cryptography/hazmat/bindings/commoncrypto/binding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/commoncrypto

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl

copying src/cryptography/hazmat/bindings/openssl/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl

copying src/cryptography/hazmat/bindings/openssl/_conditional.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl

copying src/cryptography/hazmat/bindings/openssl/binding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/bindings/openssl

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/interfaces

copying src/cryptography/hazmat/primitives/interfaces/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/interfaces

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor

copying src/cryptography/hazmat/primitives/twofactor/totp.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor

copying src/cryptography/hazmat/primitives/twofactor/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor

copying src/cryptography/hazmat/primitives/twofactor/hotp.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor

copying src/cryptography/hazmat/primitives/twofactor/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/twofactor

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric

copying src/cryptography/hazmat/primitives/asymmetric/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric

copying src/cryptography/hazmat/primitives/asymmetric/dsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric

copying src/cryptography/hazmat/primitives/asymmetric/padding.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric

copying src/cryptography/hazmat/primitives/asymmetric/ec.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric

copying src/cryptography/hazmat/primitives/asymmetric/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric

copying src/cryptography/hazmat/primitives/asymmetric/rsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric

copying src/cryptography/hazmat/primitives/asymmetric/dh.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/asymmetric

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers

copying src/cryptography/hazmat/primitives/ciphers/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers

copying src/cryptography/hazmat/primitives/ciphers/base.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers

copying src/cryptography/hazmat/primitives/ciphers/algorithms.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers

copying src/cryptography/hazmat/primitives/ciphers/modes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/ciphers

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf

copying src/cryptography/hazmat/primitives/kdf/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf

copying src/cryptography/hazmat/primitives/kdf/hkdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf

copying src/cryptography/hazmat/primitives/kdf/concatkdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf

copying src/cryptography/hazmat/primitives/kdf/pbkdf2.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf

copying src/cryptography/hazmat/primitives/kdf/kbkdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf

copying src/cryptography/hazmat/primitives/kdf/x963kdf.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/primitives/kdf

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto

copying src/cryptography/hazmat/backends/commoncrypto/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto

copying src/cryptography/hazmat/backends/commoncrypto/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto

copying src/cryptography/hazmat/backends/commoncrypto/backend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto

copying src/cryptography/hazmat/backends/commoncrypto/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto

copying src/cryptography/hazmat/backends/commoncrypto/ciphers.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/commoncrypto

creating build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/hmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/__init__.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/dsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/x509.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/backend.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/ec.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/hashes.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/cmac.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/ciphers.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/utils.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/rsa.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/decode_asn1.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

copying src/cryptography/hazmat/backends/openssl/encode_asn1.py -> build/lib.linux-x86_64-2.7/cryptography/hazmat/backends/openssl

running egg_info

writing requirements to src/cryptography.egg-info/requires.txt

writing src/cryptography.egg-info/PKG-INFO

writing top-level names to src/cryptography.egg-info/top_level.txt

writing dependency_links to src/cryptography.egg-info/dependency_links.txt

writing entry points to src/cryptography.egg-info/entry_points.txt

warning: manifest_maker: standard file '-c' not found

reading manifest file 'src/cryptography.egg-info/SOURCES.txt'

reading manifest template 'MANIFEST.in'

no previously-included directories found matching 'docs/_build'

warning: no previously-included files matching '*' found under directory 'vectors'

writing manifest file 'src/cryptography.egg-info/SOURCES.txt'

running build_ext

generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'

creating build/temp.linux-x86_64-2.7

generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'

generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'

building '_openssl' extension

creating build/temp.linux-x86_64-2.7/build

creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7

gcc -pthread -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o

virtual memory exhausted: Cannot allocate memory

error: command 'gcc' failed with exit status 1

----------------------------------------

Command "/root/.local/share/letsencrypt/bin/python2.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-l6BZOB/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-n0qt5Y-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography" failed with error code 1 in /tmp/pip-build-l6BZOB/cryptography

You are using pip version 8.0.3, however version 9.0.1 is available.

You should consider upgrading via the 'pip install --upgrade pip' command.

=====================================================

Certbot has problem setting up the virtual environment.

Based on your pip output, the problem can likely be fixed by

increasing the available memory.

Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment

for possible solutions.

You may also find some support resources at https://certbot.eff.org/support/ .

pipをアップグレードしろみたいなことが書いてあるが、、

$ sudo pip install --upgrade pip
Requirement already up-to-date: pip in /usr/lib/python2.7/dist-packages

1 2	$ sudo pip install --upgrade pip Requirement already up-to-date: pip in /usr/lib/python2.7/dist-packages

最新版なんですけど。

$ pip -V
pip 9.0.1 from /usr/lib/python2.7/dist-packages (python 2.7)

1 2	$ pip -V pip 9.0.1 from /usr/lib/python2.7/dist-packages (python 2.7)

調べた結果、cerbot-autoスクリプトのpycparserハッシュがおかしいとか。

$ sudo vi /usr/local/src/letsencrypt/certbot-auto
----------------
pyparsing==2.1.8 \
    --hash=sha256:2f0f5ceb14eccd5aef809d6382e87df22ca1da583c79f6db01675ce7d7f49c18 \
    --hash=sha256:03a4869b9f3493807ee1f1cb405e6d576a1a2ca4d81a982677c0c1ad6177c56b \
    --hash=sha256:ab09aee814c0241ff0c503cff30018219fe1fc14501d89f406f4664a0ec9fbcd \
    --hash=sha256:6e9a7f052f8e26bcf749e4033e3115b6dc7e3c85aafcb794b9a88c9d9ef13c97 \
    --hash=sha256:9f463a6bcc4eeb6c08f1ed84439b17818e2085937c0dee0d7674ac127c67c12b \
    --hash=sha256:3626b4d81cfb300dad57f52f2f791caaf7b06c09b368c0aa7b868e53a5775424 \
    --hash=sha256:367b90cc877b46af56d4580cd0ae278062903f02b8204ab631f5a2c0f50adfd0 \
 -  --hash=sha256:9f1ea360086cd68681e7f4ca8f1f38df47bf81942a0d76a9673c2d23eff35b13
 +  --hash=sha256:9f1ea360086cd68681e7f4ca8f1f38df47bf81942a0d76a9673c2d23eff35b13 \
 +  --no-binary pycparser
----------------

$ sudo vi /usr/local/src/letsencrypt/certbot-auto

----------------

pyparsing==2.1.8 \

--hash=sha256:2f0f5ceb14eccd5aef809d6382e87df22ca1da583c79f6db01675ce7d7f49c18 \

--hash=sha256:03a4869b9f3493807ee1f1cb405e6d576a1a2ca4d81a982677c0c1ad6177c56b \

--hash=sha256:ab09aee814c0241ff0c503cff30018219fe1fc14501d89f406f4664a0ec9fbcd \

--hash=sha256:6e9a7f052f8e26bcf749e4033e3115b6dc7e3c85aafcb794b9a88c9d9ef13c97 \

--hash=sha256:9f463a6bcc4eeb6c08f1ed84439b17818e2085937c0dee0d7674ac127c67c12b \

--hash=sha256:3626b4d81cfb300dad57f52f2f791caaf7b06c09b368c0aa7b868e53a5775424 \

--hash=sha256:367b90cc877b46af56d4580cd0ae278062903f02b8204ab631f5a2c0f50adfd0 \

- --hash=sha256:9f1ea360086cd68681e7f4ca8f1f38df47bf81942a0d76a9673c2d23eff35b13

+ --hash=sha256:9f1ea360086cd68681e7f4ca8f1f38df47bf81942a0d76a9673c2d23eff35b13 \

+ --no-binary pycparser

----------------

※今回のcerbot-autoの更新では「pycparser==2.14」ではなく「pyparsing==2.1.8」となっている模様。

これで無事renewも通りました。

$ sudo service httpd reload

1	$ sudo service httpd reload

を忘れずに。

以下参考サイト）

Let’s Encryptが急に動かなくなった件（THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE.）

https://community.letsencrypt.org/t/certbot-auto-fails-while-setting-up-virtual-environment-complains-about-package-hashes/20529/24

zoneファイルへのDMARCレコード一括追加用シェルスクリプト

業務用スクリプト。

DNSサーバのどこかに置き、指定されたディレクトリ内の名前が「FQDN.zone」で終わるすべてのファイルの末尾に、DMARCポリシー用のTXTレコードを追加するスクリプト。

※ご利用の際は必ずテストを行ってください。
※改変すれば、その他のレコード追加時にも使えると思います。
※コマンドが通らないときはwhichして探してください。

#!/bin/bash

# zoneファイルがある場所
PATH="/var/named/zone"
#PATH="./zone_test" # テスト用

i=0
j=0
for zone_file in `\/usr/bin/find ${PATH} -maxdepth 1 -name '*.zone'`; do
    echo "file path -> ${zone_file}"

    # get hostname
    base=${zone_file#${PATH}/}
    echo "base -> ${base}"
    host=${base%.zone}
    echo "host -> ${host}"
    echo "${host} Start ----------"

    ret=`\/bin/grep "v=DMARC1;" "$zone_file"`

    if [ "$ret" ]; then
       # "v=DMARC1;"がすでに書いてあったらスキップ
       echo 'dmarc record is already exist.'
       i=$((++i))
    else
       # backupしたければ#を外す
       #ext=`/bin/date "+%Y%m%d"`
       #/bin/cp $zone_file "$zone_file.$ext"

       # add dmarc record
       echo 'Adding dmarc record...'
       echo "_dmarc IN TXT \"v=DMARC1; p=none\"" >> $zone_file
       j=$((++j))
    fi
    echo 'Complete add record.'
    echo "${host} End ----------"
done

total=$(($i+$j))
echo "Files nothing to do = $i"
echo "Files added record = $j"
echo "total = $total"

exit

#!/bin/bash

# zoneファイルがある場所

PATH="/var/named/zone"

#PATH="./zone_test" # テスト用

i=0

j=0

for zone_file in `\/usr/bin/find ${PATH} -maxdepth 1 -name '*.zone'`; do

echo "file path -> ${zone_file}"

# get hostname

base=${zone_file#${PATH}/}

echo "base -> ${base}"

host=${base%.zone}

echo "host -> ${host}"

echo "${host} Start ----------"

ret=`\/bin/grep "v=DMARC1;" "$zone_file"`

if [ "$ret" ]; then

# "v=DMARC1;"がすでに書いてあったらスキップ

echo 'dmarc record is already exist.'

i=$((++i))

else

# backupしたければ#を外す

#ext=`/bin/date "+%Y%m%d"`

#/bin/cp $zone_file "$zone_file.$ext"

# add dmarc record

echo 'Adding dmarc record...'

echo "_dmarc IN TXT \"v=DMARC1; p=none\"" >> $zone_file

j=$((++j))

echo 'Complete add record.'

echo "${host} End ----------"

done

total=$(($i+$j))

echo "Files nothing to do = $i"

echo "Files added record = $j"

echo "total = $total"

exit

cerbot-auto renew でpythonパッケージのインストールが進まない

letsencryptの証明書更新時に、「cerbot-auto renew」でpythonパッケージのインストールが進まない話。
→　結果、待つしかない（笑）

導入編は、こちらを参照。

さてcronによる証明書の自動更新設定を行っていたはずだが、下記のような「期限が迫ってるよ～。早く証明書更新してね～。」的なメールが届く。
———————————————
Hello,

Your certificate (or certificates) for the names listed below will expire in
9 days (on 12 Mar 17 08:02 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.

hoge.jp

For any questions or support, please visit https://community.letsencrypt.org/.
Unfortunately, we can’t provide support by email.
（以下略）
———————————————

おかしーなーと思ってrootあてのメールを見ると、以下のメッセージが。
———————————————
：
FATAL: Amazon Linux support is very experimental at present…
if you would like to work on improving it, please ensure you have backups
and then run this script again with the –debug flag!
：
———————————————

debugフラグをつけてコマンドを実行せい！とのことなので、言われたとおりにやってみるが、、

———————————————
# /usr/local/src/letsencrypt/certbot-auto renew –debug
->
Bootstrapping dependencies via Amazon Linux…
yum is /usr/bin/yum
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest | 2.1 kB 00:00
amzn-updates/latest | 2.3 kB 00:00
epel/x86_64/metalink | 6.0 kB 00:00
epel/x86_64 | 4.3 kB 00:00
epel/x86_64/updateinfo | 741 kB 00:00
epel/x86_64/primary_db | 5.9 MB 00:00
remi-safe | 2.9 kB 00:00
remi-safe/primary_db | 718 kB 00:04
991 packages excluded due to repository priority protections
Package gcc-4.8.3-3.20.amzn1.noarch already installed and latest version
Package augeas-libs-1.0.0-5.7.amzn1.x86_64 already installed and latest version
Package 1:openssl-1.0.1k-15.96.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.1k-15.96.amzn1.x86_64 already installed and latest version
Package libffi-devel-3.0.13-16.5.amzn1.x86_64 already installed and latest version
Package system-rpm-config-9.0.3-42.28.amzn1.noarch already installed and latest version
Package ca-certificates-2015.2.6-65.0.1.16.amzn1.noarch already installed and latest version
Package python27-2.7.12-2.120.amzn1.x86_64 already installed and latest version
Package python27-devel-2.7.12-2.120.amzn1.x86_64 already installed and latest version
Package python27-virtualenv-12.0.7-1.13.amzn1.noarch already installed and latest version
Package python27-tools-2.7.12-2.120.amzn1.x86_64 already installed and latest version
Package python27-pip-6.1.1-1.23.amzn1.noarch already installed and latest version
Nothing to do
Creating virtual environment…
Installing Python packages…
——————————————————————————-
この状態でうんともすんとも言わなくなった！
10分待とうが20分待とうが進まないので、再度コマンド発行して、一日放置してみるも、無操作によりsshクライアントとの接続が自動切断、、、

翌週、気を取り直してもう一度試すと、、、え？通った！
——————————————————————————-
：
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

——————————————————————————-
Processing /etc/letsencrypt/renewal/hoge.jp.conf
——————————————————————————-
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for hoge.jp
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem

——————————————————————————-
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/hoge.jp/fullchain.pem
——————————————————————————-

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/hoge.jp/fullchain.pem (success)
——————————————————————————-

最初はpipのミラーサイトがダメになったのかな？とも思っていろいろ調べたが、結局通信状態の問題もしくは一時的にミラーが落ちてたっぽい。
とりあえず待つしかなかったってことね。

参考サイト）

Linuxコマンドのワンライナー集

全文検索

grep -rnw path -e "search_string"

1	grep -rnw path -e "search_string"

で、指定したパス以下の全文検索が実行され、結果には対象のファイルと行番号が表示される。

使用例：hogeディレクトリ以下の、内容に「fuga」という文字列を含んだファイルを検索

grep -rnw ./hoge -e "fuga"

1	grep -rnw ./hoge -e "fuga"

指定のディレクトリ以下を再帰的にパーミッション変更

find path -type d -exec chmod permission \{\} \;

1	find path -type d -exec chmod permission \{\} \;

使用例：hogeディレクトリ以下の、すべてのディレクトリのパーミッションを755に変更

find ./hoge -type d -exec chmod 755 \{\} \;

1	find ./hoge -type d -exec chmod 755 \{\} \;

指定のディレクトリ以下の特定の名前のファイルを再帰的に削除

find path -name filename -exec rm -fr {} \;

1	find path -name filename -exec rm -fr {} \;

使用例：hogeディレクトリ以下の、desktop.iniファイルを全て削除

find hoge -name desctop.ini -exec rm -fr {} \;

1	find hoge -name desctop.ini -exec rm -fr {} \;

使用例：hogeディレクトリ以下の、拡張子が「.ini」のファイルを全て削除

find hoge -name *.ini -exec rm -fr {} \;

1	find hoge -name *.ini -exec rm -fr {} \;