This is a pretty technical post about how to troubleshoot and fix a Let’s Encrypt certificate that is not quite renewing correctly on AWS instances!
Let’s Encrypt renewals patchy on EC2
If you’ve tried to renew a Let’s Encrypt cert on AWS EC2 and have run into an issue that ends with something like:
```
from zope.interface import Interface
ImportError: No module named interface
```
You have probably had an issue updating your certificate using the Let’s Encrypt auto-update feature.
Upgrade pip
There is a good summary of this issue here, but if you want to give the solution that usually works for us a quick spin, it is the following:
```
pip install --upgrade pip
pip install virtualenv --upgrade
cd /opt/letsencrypt
./certbot-auto renew
```
The above usually resolves our issues.
Incidentally, if you had a cron job running some other update regime, it’s maybe time to grab a new Let’s Encrypt and start using `./certbot-auto renew` – this will update all the certs on your box!
Good luck with your free securification!
Not working… “no module named interface”
Yeah… that can happen too. Try this tutorial.
This issue arose for me recently, and the solution was a little more convoluted this time. Watch how you are sudo-ing in AWS; you may also need to re-install certbot, using commands along these lines:
Become root on the AWS instance with:
```
sudo su -
```
Then run the following to update:
```
pip install pip -U
pip install virtualenv -U
pip install zope.interface -U
pip install certbot -U
```
Then try:
```
sudo ./certbot-auto --debug renew
```
It should be noted that the final command without the `sudo` did not work.
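If `./certbot-auto renew` runs from cron, as suggested earlier, the ImportError above can go unnoticed until the certificate expires. The following is an added example, not code from the original post or from certbot: a wrapper that classifies a renewal run and reports failures on stderr so cron can mail them. The function names and status strings are assumptions made for illustration; the path and command are the ones used in the post.

```shell
#!/bin/sh
# Added example: wrapper logic for running `./certbot-auto renew` from cron.
# Function names and status strings are illustrative, not part of certbot.

# Constructed sample of the failure output quoted in the post.
sample_failed_output() {
cat <<'EOF'
Traceback (most recent call last):
    from zope.interface import Interface
ImportError: No module named interface
EOF
}

# classify_renewal EXIT_CODE OUTPUT_FILE
# Prints one of: ok, broken-python-env, renewal-failed
classify_renewal() {
    rc=$1
    out=$2
    # The specific error from the post means the Python environment is
    # broken, so the pip upgrade steps are needed before retrying.
    if grep -Fq 'ImportError: No module named interface' "$out"; then
        echo broken-python-env
    elif [ "$rc" -ne 0 ]; then
        echo renewal-failed
    else
        echo ok
    fi
}

# cert_valid_for PEM_FILE DAYS
# Succeeds if the certificate in PEM_FILE is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

# run_renewal: run the renew command from the post; on any failure, write
# the status and the captured output to stderr instead of dropping it.
run_renewal() {
    log=$(mktemp) || return 2
    (cd /opt/letsencrypt && ./certbot-auto renew) >"$log" 2>&1
    rc=$?
    status=$(classify_renewal "$rc" "$log")
    [ "$status" = ok ] || { echo "renewal: $status" >&2; cat "$log" >&2; }
    rm -f "$log"
    [ "$status" = ok ]
}
```

Call `run_renewal` from the cron script, then `cert_valid_for` on the certificate file your web server actually serves to confirm the renewal took effect.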