website
website copied to clipboard
certbot
RHEL/CentOS 6 instructions should mention enabling SCL repository for new Python
Recently certbot changed its requirements on Python and started requiring the Software Collections (SCL) repository in order to run, see https://github.com/certbot/certbot/pull/7519.
Whilst there's some form of a migration path (the certbot script could be more explicit about how one installs the SCL repository), new users will be left with a non-working install until they also figure it out. Here's what I did on RHEL6 to enable the repo:
subscription-manager repos --enable=rhel-server-rhscl-6-rpms
I don't have a CentOS 6 machine to try/test corresponding install instructions on, otherwise I would create a PR. There's docs at https://www.softwarecollections.org/en/scls/rhscl/rh-python36/ but they appear to be RHEL/CentOS 7 specific.
Based on our changelog entry (see below), it looks like certbot-auto should be automatically enabling SCL for you. How are you installing and running certbot?
Changelog entry:
We deprecated support for Python 3.4 in Certbot and its ACME library. Support for Python 3.4 will be removed in the next release of Certbot. certbot-auto users on RHEL 6 based x86_64 systems will be asked to enable Software Collections (SCL) repository so Python 3.6 can be installed. certbot-auto can enable the SCL repo for you on CentOS 6 while users on other RHEL 6 based systems will be asked to do this manually.
I'm following the instructions at https://certbot.eff.org/lets-encrypt/centosrhel6-other -- essentially, wget the script into /usr/local/bin and chmod it.
On RHEL6, enabling the repo automatically doesn't occur:
[...] other RHEL 6 based systems will be asked to do this manually
The script aborts at https://github.com/certbot/certbot/blob/master/letsencrypt-auto-source/letsencrypt-auto#L525-L527 as that centos-release-scl isn't available.
That said, it could automatically set up SCL, if the script tested for and ran subscription-manager. The SCL docs suggest yum-config-manager but this did not enable the repository for me on RHEL6.
Otherwise, if automatic bootstrapping is a bridge too far, then a mention in the documentation specifically for RHEL6 users that Software Collections (SCL) needs to be set up (and a link to the official docs on how at https://access.redhat.com/solutions/472793) before running certbot-auto would avoid the script aborting.
In addition to that, perhaps the error output could be more descriptive also, in case a user was in a situation like mine -- explaining what SCL is and providing that url, as an example:
if ! "${TOOL}" list rh-python36 >/dev/null 2>&1; then
echo "To use Certbot on this operating system, packages from the Software Collections (SCL) repository need to be installed."
if ! "${TOOL}" list centos-release-scl >/dev/null 2>&1; then
error "Enable the SCL repository and try running Certbot again. For enabling SCL on RHEL6, please see https://access.redhat.com/solutions/472793"
exit 1
fi
Hey @bmw / @adferrand, I thought we changed things to automatically set up SCL in certbot-auto in https://github.com/certbot/certbot/pull/7519? Is this not that case?
We only set things up automatically for CentOS 6. RHEL 6 and other distros based on it have to do it manually.
