更新portage以後 安裝 certbot

運行的時候一直報以下的錯誤：

sudo certbot 

　　

錯誤結果：

Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/certbot", line 11, in <module>
    load_entry_point('certbot==0.30.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 487, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2728, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2346, in load
    return self.resolve()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2352, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/usr/lib/python2.7/site-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/usr/lib/python2.7/site-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/usr/lib/python2.7/site-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/usr/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python2.7/site-packages/OpenSSL/crypto.py", line 16, in <module>
    from OpenSSL._util import (
  File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: X509_get_signature_nid

　　

搜索一圈無果

試圖刪除 cryptography 以後從新安裝仍是沒用。

因而想到是否是由於openssl太舊了。

更新下

sudo emerge -u dev-libs/openssl

　　

從新安裝certbot, 

sudo emerge -av app-crypt/certbot app-crypt/certbot-nginx

　　

再次運行 

sudo certbot --nginx

 

結果以下：

 

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.",)

　　

恩，雖然沒成功，可是沒有代碼錯誤了

 

以上錯誤是由於 nginx 沒有放到環境變量中去，我係統的真正的nginx在/opt/nginx/sbin/nginx，因而我作了個軟連接。

sudo ln -s /opt/nginx/sbin/nginx /usr/local/bin/nginx

　　

再次執行命令 

sudo certbot --nginx

 

獲得結果：

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Nginx build is missing SSL module (--with-http_ssl_module).',)

 

查看nginx版本

 

$ nginx -V

結果：
nginx version: nginx/1.6.3
built by gcc 4.8.4 (Gentoo 4.8.4 p1.5, pie-0.6.1) 
configure arguments: --prefix=/opt/nginx --with-http_geoip_module --add-module=/usr/src/passenger-4.0.53/ext/nginx

 

果真是沒有ssl模塊！

決定rebuild下nginx with ssl

下載nginx，我以前有下載過1.6.2還保留在那，因而直接進目錄從新build。運行下面命令的時候最好用root權限

./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-cc-opt=-Wno-error --with-http_geoip_module --add-module=/usr/src/passenger-4.0.53/ext/nginx

make && make install

　

完成, 再檢查一次nginx版本，已經加上了ssl模塊

$ nginx -V
結果：
nginx version: nginx/1.6.2
built by gcc 5.4.0 (Gentoo 5.4.0-r3 p1.3, pie-0.6.5) 
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-cc-opt=-Wno-error --with-http_geoip_module --add-module=/usr/src/passenger-4.0.53/ext/nginx

 

返回最初的certbot命令再來一次, 提示我去作設置了，成功在即！

$ sudo certbot --nginx
Password: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): 

　　

跟着提示填上email，選擇須要activate HTTPS 的域名。至此nginx配置成功

　　

重啓nginx出現以下錯誤

sudo /etc/init.d/nginx restart
Password: 
 * Checking nginx' configuration ...                                                                         [ ok ]
 * Stopping nginx ...                                                                                        [ ok ]
 * Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()
 * start-stop-daemon: failed to start `/opt/nginx/sbin/nginx'
 * Failed to start nginx                                                                                     [ !! ]
 * ERROR: nginx failed to start

 

上述錯誤是由於我安裝shadowsocket代理的時候佔用了443 端口，因而我把shadowsocket綁定的端口改爲543，而後從新啓動nginx。

　　解決辦法：

sudo fuser -k 443/tcp
sudo /etc/init.d/nginx restart