AWS AMI Let’s Encrypt Troubleshooting & Fixing “No module named interface”

This is a pretty technical post, about how to troubleshoot and fix a not-quite-renewing correctly lets encrypt certificate on AWS instances!

Let’s Encrypt renewals patchy on EC2

If you’ve tried to renew a Lets Encrypt cert on AWS EC2, and have run into an issue, which ends with (something like):

from zope.interface import Interface
ImportError: No module named interface

You have probably had an issue updating your certificate using the Lets Encrypt auto update feature.

Upgrade pip

There is a good summary of this issue, here, but if you wanted to give the solution which usually works for us a quick spin, it is the following:

pip install --upgrade pip
pip install virtualenv --upgrade
cd /opt/letsencrypt
./certbot-auto renew

The above usually resolves our issues.

Incidentally, if you had a cron running some other update regime, its maybe time to grab a new Lets Encrypt and start using `./certbot-auto renew` – this will update all the certs on your box!

Good luck with your free securification!

Not working… “no module named interface”

Yeah… that can happen too. Try this tutorial.

1 thought on “AWS AMI Let’s Encrypt Troubleshooting & Fixing “No module named interface””

  1. This issue raised for me recently, and the solution was a little more convoluted this time. Watch out how you are sudo-ing in AWS, and also you may need to re-install certbot as well, using commands along these lines:

    Use AWS as root, with:

    sudo su -

    Then run the following to update:

    $ pip install pip -U
    $ pip install virtualenv -U
    $ pip install zope.interface -U
    $ pip install certbot -U

    Then try:

    $ sudo ./certbot-auto --debug renew

    It should be noted that the final command without the `sudo` did not work.


Leave a comment

No links of any kind allowed in comments - if you add any links, your comment will automatically be deleted.