更新portage以后 安装 certbot

运行的时候一直报以下的错误：

sudo certbot 

　　

错误结果：

Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/certbot", line 11, in <module>
    load_entry_point('certbot==0.30.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 487, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2728, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2346, in load
    return self.resolve()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2352, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/usr/lib/python2.7/site-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/usr/lib/python2.7/site-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/usr/lib/python2.7/site-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/usr/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python2.7/site-packages/OpenSSL/crypto.py", line 16, in <module>
    from OpenSSL._util import (
  File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /usr/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: X509_get_signature_nid

　　

搜索一圈无果

试图删除 cryptography 以后从新安装仍是没用。

因而想到是否是由于openssl太旧了。

更新下

sudo emerge -u dev-libs/openssl

　　

从新安装certbot, 

sudo emerge -av app-crypt/certbot app-crypt/certbot-nginx

　　

再次运行 

sudo certbot --nginx

 

结果以下：

 

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError("Could not find a usable 'nginx' binary. Ensure nginx exists, the binary is executable, and your PATH is set correctly.",)

　　

恩，虽然没成功，可是没有代码错误了

 

以上错误是由于 nginx 没有放到环境变量中去，我系统的真正的nginx在/opt/nginx/sbin/nginx，因而我作了个软连接。

sudo ln -s /opt/nginx/sbin/nginx /usr/local/bin/nginx

　　

再次执行命令 

sudo certbot --nginx

 

获得结果：

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('Nginx build is missing SSL module (--with-http_ssl_module).',)

 

查看nginx版本

 

$ nginx -V

结果：
nginx version: nginx/1.6.3
built by gcc 4.8.4 (Gentoo 4.8.4 p1.5, pie-0.6.1) 
configure arguments: --prefix=/opt/nginx --with-http_geoip_module --add-module=/usr/src/passenger-4.0.53/ext/nginx

 

果真是没有ssl模块！

决定rebuild下nginx with ssl

下载nginx，我以前有下载过1.6.2还保留在那，因而直接进目录从新build。运行下面命令的时候最好用root权限

./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-cc-opt=-Wno-error --with-http_geoip_module --add-module=/usr/src/passenger-4.0.53/ext/nginx

make && make install

　

完成, 再检查一次nginx版本，已经加上了ssl模块

$ nginx -V
结果：
nginx version: nginx/1.6.2
built by gcc 5.4.0 (Gentoo 5.4.0-r3 p1.3, pie-0.6.5) 
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-cc-opt=-Wno-error --with-http_geoip_module --add-module=/usr/src/passenger-4.0.53/ext/nginx

 

返回最初的certbot命令再来一次, 提示我去作设置了，成功在即！

$ sudo certbot --nginx
Password: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): 

　　

跟着提示填上email，选择须要activate HTTPS 的域名。至此nginx配置成功

　　

重启nginx出现以下错误

sudo /etc/init.d/nginx restart
Password: 
 * Checking nginx' configuration ...                                                                         [ ok ]
 * Stopping nginx ...                                                                                        [ ok ]
 * Starting nginx ...
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()
 * start-stop-daemon: failed to start `/opt/nginx/sbin/nginx'
 * Failed to start nginx                                                                                     [ !! ]
 * ERROR: nginx failed to start

 

上述错误是由于我安装shadowsocket代理的时候占用了443 端口，因而我把shadowsocket绑定的端口改为543，而后从新启动nginx。

　　解决办法：

sudo fuser -k 443/tcp
sudo /etc/init.d/nginx restart