LetsEncrypt 3.5.0 install fails (due to SSL version?) on Debian 9.11

  • I received notice today that LE SSL renewals were not occurring, and I noticed the plugin version was out of date - obvious first choice, update the plugin.


    However, upon activation, the plugin spat out the error


    Code
    1. Plugin::LetsEncrypt::enable: E: Unable to correct problems, you have held broken packages. at /var/www/imscp/gui/plugins/LetsEncrypt/backend/LetsEncrypt.pm line 266.

    a quick scan of the code led me to


    Code
    1. $rs = execute(
    2. [ "$main::imscpConfig{'PLUGINS_DIR'}/LetsEncrypt/bin/certbot-auto", '--non-interactive', '--no-self-upgrade', '--version' ],
    3. \$stdout, \$stderr
    4. ) == 0 or die( $stderr );

    which when run interactively produced


    It seems to want to install a prior version of libssl1.1 -- because when I try and upgrade libssl1.1 it tells me that I'm already running the right version.


    Code
    1. root@centaur:~# apt-get upgrade libssl1.1
    2. Reading package lists... Done
    3. Building dependency tree
    4. Reading state information... Done
    5. libssl1.1 is already the newest version (1.1.1d-1+0~20191009.15+debian9~1.gbpd6badf).


    attempting to force the install does no good (which is probably a good thing - it would probably break other packages)


    It seems to be half installed at this point - there's a Plugin directory at /var/www/imscp/gui/plugins/LetsEncrypt/ and there's the letsencrypt database table (from the old version I'm guessing) but LE doesnt show in any menu, and it's showing an error on the plugin list.


    Config info:


    Debian GNU/Linux 9.11 (stretch)

    i-MSCP 1.5.3 Build: 20180516 Codename: Ennio Morricone

    LetsEncrypt 3.5.0 (downloaded today)

    PHP 7.1.24-1+0~20181112093455.10+stretch~1.gbp09a4fd (cli) (phpSwitcher 4.0.3 is also installed)

    PHP-FPM mode


    apt-get upgrade does hold back some packages - but none are (to my knowledge) ssl dependent


    The following packages have been kept back:

    icu-devtools libapache2-mod-php7.1 libargon2-0 libicu-dev libicu57 libtidy-dev libxml2 libxml2-dev linux-image-amd64 php7.1-cgi php7.1-cli php7.1-common

    php7.1-curl php7.1-fpm php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mcrypt php7.1-mysql php7.1-opcache php7.1-pspell

    php7.1-readline php7.1-soap php7.1-xml php7.1-zip php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline

    0 upgraded, 0 newly installed, 0 to remove and 33 not upgraded.


    Dont know if you need this or not, but including it as it's part of the 'standard list of things'


  • Good morning,


    Can we access the server to investigate?

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • I'll investigate this evening. Sorry for the delay.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Nuxwin

    Added the Label to be investigated
  • Scott Brown


    Problem has been fixed. It was due to the fact that there was an APT pinning on old openssl ;)


    Summary

    1. Server has been updated: apt-get update && apt-get dist-upgrade
    2. Server has been rebooted (due to kernel update)
    3. APT pinning on openssl has been removed from the /etc/apt/preferences.d/imscp APT preferences file
    4. openssl has been upgraded: apt-get dist-upgrade
    5. Error field of the LetsEncrypt plugin has been reset to NULL in the i-MSCP database
    6. The i-MSCP request manager has been executed to retry the LetsEncrypt plugin installation:


    Thank you for using our services. Please connect to the control panel interface and check that all is working as expected.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Scott Brown and vege.net like this.
  • Nuxwin

    Set the Label from to be investigated to solved through online support
  • Scott Brown


    You're welcome.


    Thread closed.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Nuxwin

    Closed the thread.