Amazon-Ec2

在 Amazon Linux 上使用 LetsEncrypt certbot 創建 SSL 證書時出錯

  • February 14, 2018

我正在嘗試使用該certbot軟體為在執行 Amazon Linux (2017.09) 的 AWS EC2 實例上執行的 Web 伺服器 (Apache) 設置免費的 LetsEncrypt SSL 證書。我似乎無法從 repos 中獲取它,所以我從https://dl.eff.org/certbot-auto.

我正在執行以下命令:

sudo ./certbot-auto --debug certonly

我得到以下輸出和錯誤:

Bootstrapping dependencies for Amazon... (you can skip this with
--no-bootstrap)  
yum is /usr/bin/yum  
yum is hashed (/usr/bin/yum)  
Loaded plugins: priorities, update-motd, upgrade-helper 1005 packages excluded due to repository priority protections  
Package matching gcc-4.8.3-3.20.amzn1.noarch already installed.   
Checking for update. Package matching 1:openssl-1.0.1k-15.99.amzn1.x86_64 already installed.  
Checking for update.  
Package ca-certificates-2015.2.6-65.0.1.16.amzn1.noarch already installed and latest version Package python27-devel-2.7.12-2.120.amzn1.x86_64 already installed and latest version  
Package matching python27-virtualenv-12.0.7-1.13.amzn1.noarch already installed. Checking for update.  
Package matching python27-pip-6.1.1-1.23.amzn1.noarch already installed. Checking for update.  
Package 1:mod_ssl-2.2.34-1.15.amzn1.x86_64 already installed and latest version Resolving Dependencies
--> Running transaction check
---> Package augeas-libs.x86_64 0:1.0.0-5.7.amzn1 will be installed
---> Package libffi-devel.x86_64 0:3.0.13-16.5.amzn1 will be installed
---> Package openssl-devel.x86_64 1:1.0.1k-15.99.amzn1 will be installed
--> Processing Dependency: openssl(x86-64) = 1:1.0.1k-15.99.amzn1 for package: 1:openssl-devel-1.0.1k-15.99.amzn1.x86_64
--> Processing Dependency: krb5-devel(x86-64) for package: 1:openssl-devel-1.0.1k-15.99.amzn1.x86_64
---> Package python27-tools.x86_64 0:2.7.12-2.120.amzn1 will be installed
---> Package system-rpm-config.noarch 0:9.0.3-42.28.amzn1 will be installed
--> Running transaction check
---> Package krb5-devel.x86_64 0:1.14.1-27.41.amzn1 will be installed
--> Processing Dependency: krb5-libs(x86-64) = 1.14.1-27.41.amzn1 for package: krb5-devel-1.14.1-27.41.amzn1.x86_64
--> Processing Dependency: libkadm5(x86-64) = 1.14.1-27.41.amzn1 for package: krb5-devel-1.14.1-27.41.amzn1.x86_64
--> Processing Dependency: libverto-devel for package: krb5-devel-1.14.1-27.41.amzn1.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.14.1-27.41.amzn1.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.14.1-27.41.amzn1.x86_64
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.14.1-27.41.amzn1.x86_64
---> Package openssl-devel.x86_64 1:1.0.1k-15.99.amzn1 will be installed
--> Processing Dependency: openssl(x86-64) = 1:1.0.1k-15.99.amzn1 for package: 1:openssl-devel-1.0.1k-15.99.amzn1.x86_64
--> Running transaction check
---> Package keyutils-libs-devel.x86_64 0:1.5.8-3.12.amzn1 will be installed
---> Package krb5-devel.x86_64 0:1.14.1-27.41.amzn1 will be installed
--> Processing Dependency: krb5-libs(x86-64) = 1.14.1-27.41.amzn1 for package: krb5-devel-1.14.1-27.41.amzn1.x86_64
---> Package libcom_err-devel.x86_64 0:1.42.12-4.40.amzn1 will be installed
---> Package libkadm5.x86_64 0:1.14.1-27.41.amzn1 will be installed
--> Processing Dependency: krb5-libs(x86-64) = 1.14.1-27.41.amzn1 for package: libkadm5-1.14.1-27.41.amzn1.x86_64
---> Package libselinux-devel.x86_64 0:2.1.10-3.22.amzn1 will be installed
--> Processing Dependency: libsepol-devel >= 2.1.5-1 for package: libselinux-devel-2.1.10-3.22.amzn1.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.1.10-3.22.amzn1.x86_64
---> Package libverto-devel.x86_64 0:0.2.5-4.9.amzn1 will be installed
---> Package openssl-devel.x86_64 1:1.0.1k-15.99.amzn1 will be installed
--> Processing Dependency: openssl(x86-64) = 1:1.0.1k-15.99.amzn1 for package: 1:openssl-devel-1.0.1k-15.99.amzn1.x86_64
--> Running transaction check
---> Package krb5-devel.x86_64 0:1.14.1-27.41.amzn1 will be installed
--> Processing Dependency: krb5-libs(x86-64) = 1.14.1-27.41.amzn1 for package: krb5-devel-1.14.1-27.41.amzn1.x86_64
---> Package libkadm5.x86_64 0:1.14.1-27.41.amzn1 will be installed
--> Processing Dependency: krb5-libs(x86-64) = 1.14.1-27.41.amzn1 for package: libkadm5-1.14.1-27.41.amzn1.x86_64
---> Package libsepol-devel.x86_64 0:2.1.7-3.12.amzn1 will be installed
---> Package openssl-devel.x86_64 1:1.0.1k-15.99.amzn1 will be installed
--> Processing Dependency: openssl(x86-64) = 1:1.0.1k-15.99.amzn1 for package: 1:openssl-devel-1.0.1k-15.99.amzn1.x86_64
--> Finished Dependency Resolution  
Error: Package: libkadm5-1.14.1-27.41.amzn1.x86_64 (amzn-main)
          Requires: krb5-libs(x86-64) = 1.14.1-27.41.amzn1
          Installed: krb5-libs-1.15.1-8.43.amzn1.x86_64 (@amzn-updates/latest)
              krb5-libs(x86-64) = 1.15.1-8.43.amzn1
          Available: krb5-libs-1.14.1-27.41.amzn1.x86_64 (amzn-main)
              krb5-libs(x86-64) = 1.14.1-27.41.amzn1 Error: Package: krb5-devel-1.14.1-27.41.amzn1.x86_64 (amzn-main)
          Requires: krb5-libs(x86-64) = 1.14.1-27.41.amzn1
          Installed: krb5-libs-1.15.1-8.43.amzn1.x86_64 (@amzn-updates/latest)
              krb5-libs(x86-64) = 1.15.1-8.43.amzn1
          Available: krb5-libs-1.14.1-27.41.amzn1.x86_64 (amzn-main)
              krb5-libs(x86-64) = 1.14.1-27.41.amzn1 Error: Package: 1:openssl-devel-1.0.1k-15.99.amzn1.x86_64 (amzn-main)
          Requires: openssl(x86-64) = 1:1.0.1k-15.99.amzn1
          Installed: 1:openssl-1.0.2k-7.103.amzn1.x86_64 (@amzn-main/latest)
              openssl(x86-64) = 1:1.0.2k-7.103.amzn1
          Available: 1:openssl-1.0.1k-15.99.amzn1.x86_64 (amzn-main)
              openssl(x86-64) = 1:1.0.1k-15.99.amzn1  
You could try using --skip-broken to work around the problem  
You could try running: rpm -Va --nofiles --nodigest  
Could not install OS dependencies. Aborting bootstrap!

我知道有人說 Amazon Linux 沒有像其他發行版用於 certbot 那樣得到適當的支持,但也許有人可以幫我找出解決方法?

如果您使用的是不受支持的作業系統,那麼最好的選擇是使用 Let’s Encrypt 的第三方客戶端之一。

我個人的偏好是acme.sh

引用自:https://serverfault.com/questions/897274