尝试使用Certbot安装Lets Encrypt证书时收到urllib2.HTTPError: HTTP Error 403: Forbidden错误。我一直在使用this文章中列出的步骤安装证书超过一年,并且最近开始在我的许多服务器上遇到问题。
每个服务器的环境都有问题:
GoDaddy云服务器(512MB)
Bitnami Wordpress
Ubuntu 14.04.5 LTS
Python 2.7.6
以下是尝试安装证书时的输出:
sudo ./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d xxxxxxxxxxxxx.com
Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)
Ign http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty InRelease
Get:1 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports InRelease
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty Release.gpg
Get:2 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/main Sources [399 kB]
28% [2 Sources 63.9 kB/399 kB 16%] [Waiting for headers] [Waiting for headers]
Hit http://security.ubuntu.com trusty-security InRelease
Hit http://ppa.launchpad.net trusty InRelease
Hit http://security.ubuntu.com trusty-security/main Sources
Get:3 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/restricted Sources [6,331 B]
Get:4 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/universe Sources [180 kB]
Hit http://ppa.launchpad.net trusty/main amd64 Packages
Get:5 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/multiverse Sources [7,764 B]
Get:6 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/main amd64 Packages [984 kB]
Hit http://security.ubuntu.com trusty-security/universe Sources
Hit http://ppa.launchpad.net trusty/main i386 Packages
Hit http://ppa.launchpad.net trusty/main Translation-en
Hit http://security.ubuntu.com trusty-security/main amd64 Packages
Hit http://security.ubuntu.com trusty-security/universe amd64 Packages
Hit http://security.ubuntu.com trusty-security/main i386 Packages
Get:7 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/restricted amd64 Packages [17.1 kB]
Hit http://security.ubuntu.com trusty-security/universe i386 Packages
Get:8 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/universe amd64 Packages [408 kB]
Hit http://security.ubuntu.com trusty-security/main Translation-en
Get:9 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/multiverse amd64 Packages [14.3 kB]
Get:10 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/main i386 Packages [941 kB]
Hit http://security.ubuntu.com trusty-security/universe Translation-en
Get:11 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/restricted i386 Packages [16.9 kB]
Get:12 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/universe i386 Packages [408 kB]
Get:13 http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/multiverse i386 Packages [14.6 kB]
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/main Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/multiverse Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/restricted Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-updates/universe Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty Release
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/main Sources
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/restricted Sources
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/universe Sources
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/multiverse Sources
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/main amd64 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/restricted amd64 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/universe amd64 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/multiverse amd64 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/main i386 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/restricted i386 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/universe i386 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/multiverse i386 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/main Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/multiverse Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/restricted Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty-backports/universe Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/main Sources
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/restricted Sources
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/universe Sources
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/multiverse Sources
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/main amd64 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/restricted amd64 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/universe amd64 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/multiverse amd64 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/main i386 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/restricted i386 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/universe i386 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/multiverse i386 Packages
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/main Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/multiverse Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/restricted Translation-en
Hit http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/universe Translation-en
Ign http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/main Translation-en_US
Ign http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/multiverse Translation-en_US
Ign http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/restricted Translation-en_US
Ign http://iad-public-cmh-zone-1.clouds.archive.ubuntu.com trusty/universe Translation-en_US
Fetched 3,463 kB in 8s (395 kB/s)
Reading package lists... Done
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-min
W: You may want to run apt-get update to correct these problems
Reading package lists... Done
Building dependency tree
Reading state information... Done
gcc is already the newest version.
python is already the newest version.
python-dev is already the newest version.
augeas-lenses is already the newest version.
ca-certificates is already the newest version.
libaugeas0 is already the newest version.
libffi-dev is already the newest version.
libssl-dev is already the newest version.
openssl is already the newest version.
python-virtualenv is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 19 not upgraded.
WARNING: unable to check for updates.
Creating virtual environment...
Running virtualenv with interpreter /usr/bin/python2.7
New python executable in /home/xxxxxxxxxxx/.local/share/letsencrypt/bin/python2.7
Also creating executable in /home/xxxxxxxxxxx/.local/share/letsencrypt/bin/python
Installing setuptools, pip...done.
Installing Python packages...
Traceback (most recent call last):
File "/tmp/tmp.rG5cNt1Qm0/pipstrap.py", line 146, in <module>
exit(main())
File "/tmp/tmp.rG5cNt1Qm0/pipstrap.py", line 130, in main
for url, digest in PACKAGES]
File "/tmp/tmp.rG5cNt1Qm0/pipstrap.py", line 112, in hashed_download
response = opener().open(url)
File "/usr/lib/python2.7/urllib2.py", line 410, in open
response = meth(req, response)
File "/usr/lib/python2.7/urllib2.py", line 523, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib/python2.7/urllib2.py", line 448, in error
return self._call_chain(*args)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 531, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 403: Forbidden
更新
当我尝试从pypi.python.org
bitnami@atv-demo:/tmp$ sudo wget https://pypi.python.org/packages/source/p/pip/pip-8.0.3.tar.gz
--2017-06-07 06:58:33-- https://pypi.python.org/packages/source/p/pip/pip-8.0.3.tar.gz
Resolving pypi.python.org (pypi.python.org)... 151.101.32.223, 2a04:4e42:8::223
Connecting to pypi.python.org (pypi.python.org)|151.101.32.223|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-06-07 06:58:33 ERROR 403: Forbidden.
bitnami@atv-demo:/tmp$ sudo wget https://pypi.python.org/packages/source/s/setuptools/setuptools-20.2.2.tar.gz
--2017-06-07 06:58:41-- https://pypi.python.org/packages/source/s/setuptools/setuptools-20.2.2.tar.gz
Resolving pypi.python.org (pypi.python.org)... 151.101.32.223, 2a04:4e42:8::223
Connecting to pypi.python.org (pypi.python.org)|151.101.32.223|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-06-07 06:58:41 ERROR 403: Forbidden.
bitnami@atv-demo:/tmp$ sudo wget https://pypi.python.org/packages/source/w/wheel/wheel-0.29.0.tar.gz
--2017-06-07 06:58:48-- https://pypi.python.org/packages/source/w/wheel/wheel-0.29.0.tar.gz
Resolving pypi.python.org (pypi.python.org)... 151.101.32.223, 2a04:4e42:8::223
Connecting to pypi.python.org (pypi.python.org)|151.101.32.223|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-06-07 06:58:48 ERROR 403: Forbidden.
答案 0 :(得分:0)
Bitnami开发者在这里。
根据您共享的回溯,尝试下载Python包时发生错误。脚本尝试下载的URL列表是:
https://pypi.python.org/packages/source/p/pip/pip-8.0.3.tar.gz
https://pypi.python.org/packages/source/s/setuptools/setuptools-20.2.2.tar.gz
https://pypi.python.org/packages/source/w/wheel/wheel-0.29.0.tar.gz
并且可选:
https://pypi.python.org/packages/source/a/argparse/argparse-1.4.0.tar.gz
考虑到指向pypi.python.org的网址,这可能是一个短暂的错误。
或者,您可以尝试从official PPA安装Certbot,而不是使用certbot-auto。
答案 1 :(得分:0)
添加letsencrypt PPA后没有相同的问题(没有更新apt-get update更正了问题)。挖掘它似乎我的提供者(OVH / Kimsufi)也被阻止访问pypi.python.org服务器。
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-min
W: You may want to run apt-get update to correct these problems
要解决问题,请删除certbot,然后删除PPA
root@ksxxxxxxx:~# apt-get remove python-certbot-apache
root@ksxxxxxxx:~# add-apt-repository -r ppa:certbot/certbot
root@ksxxxxxxx:~# apt-get update
现在,在进行apt-get更新时,不应显示任何错误。
然后手动安装:
root@ksxxxxxxx:~# mkdir certbot
root@ksxxxxxxx:~# cd certbot
root@ksxxxxxxx:~/certbot# wget https://dl.eff.org/certbot-auto
root@ksxxxxxxx:~/certbot# chmod a+x ./certbot-auto
root@ksxxxxxxx:~/certbot# ./certbot-auto --apache -d www.example.org
结果
...
Processing triggers for install-info (5.2.0.dfsg.1-2) ...
Setting up libasan0:amd64 (4.8.4-2ubuntu1~14.04.3) ...
Setting up libatomic1:amd64 (4.8.4-2ubuntu1~14.04.3) ...
Setting up libgmp10:amd64 (2:5.1.3+dfsg-1ubuntu1) ...
Setting up libisl10:amd64 (0.12.2-1) ...
Setting up libcloog-isl4:amd64 (0.18.2-1) ...
Setting up libitm1:amd64 (4.8.4-2ubuntu1~14.04.3) ...
Setting up libmpfr4:amd64 (3.1.2-1) ...
Setting up libc-dev-bin (2.19-0ubuntu6.13) ...
Setting up linux-libc-dev:amd64 (3.13.0-125.174) ...
Setting up libc6-dev:amd64 (2.19-0ubuntu6.13) ...
Setting up libexpat1-dev:amd64 (2.1.0-4ubuntu1.4) ...
Setting up libpython2.7-dev:amd64 (2.7.6-8ubuntu0.3) ...
Setting up libquadmath0:amd64 (4.8.4-2ubuntu1~14.04.3) ...
Setting up libtsan0:amd64 (4.8.4-2ubuntu1~14.04.3) ...
Setting up libmpc3:amd64 (1.0.1-1ubuntu1) ...
Setting up augeas-lenses (1.2.0-0ubuntu1.2) ...
Setting up cpp-4.8 (4.8.4-2ubuntu1~14.04.3) ...
Setting up cpp (4:4.8.2-1ubuntu6) ...
Setting up libgcc-4.8-dev:amd64 (4.8.4-2ubuntu1~14.04.3) ...
Setting up gcc-4.8 (4.8.4-2ubuntu1~14.04.3) ...
Setting up gcc (4:4.8.2-1ubuntu6) ...
Setting up libaugeas0 (1.2.0-0ubuntu1.2) ...
Setting up libpython-dev:amd64 (2.7.5-5ubuntu3) ...
Setting up zlib1g-dev:amd64 (1:1.2.8.dfsg-1ubuntu1) ...
Setting up libssl-dev:amd64 (1.0.1f-1ubuntu2.22) ...
Setting up python2.7-dev (2.7.6-8ubuntu0.3) ...
Setting up python-dev (2.7.5-5ubuntu3) ...
Setting up python-setuptools (3.3-1ubuntu2) ...
Setting up python-virtualenv (1.11.4-1ubuntu1) ...
Setting up libffi-dev:amd64 (3.1~rc1+r3.0.13-12ubuntu0.1) ...
Processing triggers for libc-bin (2.19-0ubuntu6.13) ...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
在继续完成问题后,证书已正确安装。