Letsencrypt无法生成、更新SSL证书的解决办法

我在CentOS服务器上统一使用Letsencrypt来管理（创建和更新）网站的https证书。

在海外的服务器上，Letsencrypt一直使用正常。

在国内，我使用的是阿里云的服务器，首次使用Letsencrypt创建https证书时一切正常，当证书到期后，使用renew命令无法更新证书；我将证书删除，重新创建证书，也报同样的错误，具体如下：

Automated renewal failed:
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirrors.cn99.com
 * extras: mirrors.163.com
 * updates: mirrors.163.com
Package gcc-4.8.5-16.el7_4.2.x86_64 already installed and latest version
Package augeas-libs-1.4.0-2.el7_4.2.x86_64 already installed and latest version
Package 1:openssl-1.0.2k-8.el7.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-8.el7.x86_64 already installed and latest version
Package libffi-devel-3.0.13-18.el7.x86_64 already installed and latest version
Package redhat-rpm-config-9.1.0-76.el7.centos.noarch already installed and latest version
Package ca-certificates-2017.2.14-71.el7.noarch already installed and latest version
Package python-devel-2.7.5-58.el7.x86_64 already installed and latest version
Package python-virtualenv-1.10.1-4.el7.noarch already installed and latest version
Package python-tools-2.7.5-58.el7.x86_64 already installed and latest version
Package python2-pip-8.1.2-6.el7.noarch already installed and latest version
Nothing to do
Creating virtual environment...
New python executable in /opt/eff.org/certbot/venv/bin/python2.7
Also creating executable in /opt/eff.org/certbot/venv/bin/python
Please make sure you remove any previous custom paths from your /root/.pydistutils.cfg file.
Installing Setuptools..............................................................................................................................................................................................................................done.
Installing Pip.....................................................................................................................................................................................................................................................................................................................................done.
Running virtualenv with interpreter /usr/bin/python2.7
Installing Python packages...
Collecting argparse==1.4.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 11))
  Downloading http://mirrors.aliyun.com/pypi/packages/f2/94/3af39d34be01a24a6e65433d19e107099374224905f1e0cc6bbe1fd22a2f/argparse-1.4.0-py2.py3-none-any.whl
Collecting pycparser==2.14 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 17))
  Downloading http://mirrors.aliyun.com/pypi/packages/6d/31/666614af3db0acf377876d48688c5d334b6e493b96d21aa7d332169bee50/pycparser-2.14.tar.gz (223kB)
Collecting asn1crypto==0.22.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 21))
  Downloading http://mirrors.aliyun.com/pypi/packages/97/ba/7e8117d8efcee589f4d96dd2b2eb1d997f96d27d214cf2b7134ad8acf6ab/asn1crypto-0.22.0-py2.py3-none-any.whl (97kB)
Collecting cffi==1.10.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 24))
  Downloading http://mirrors.aliyun.com/pypi/packages/50/85/d74d06ac09fc2deb3d9bd6d6aca4ca13d82b8118c04494cd0e84fcd81624/cffi-1.10.0-cp27-cp27mu-manylinux1_x86_64.whl (392kB)
Collecting ConfigArgParse==0.12.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 61))
  Downloading http://mirrors.aliyun.com/pypi/packages/17/8d/4a41f11b0971017c7001f118be8003da8f7b96b010c66cd792b76658d1e1/ConfigArgParse-0.12.0.tar.gz (41kB)
Collecting configobj==5.0.6 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 63))
  Downloading http://mirrors.aliyun.com/pypi/packages/64/61/079eb60459c44929e684fa7d9e2fdca403f67d64dd9dbac27296be2e0fab/configobj-5.0.6.tar.gz
Collecting cryptography==2.0.2 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 65))
  Downloading http://mirrors.aliyun.com/pypi/packages/b2/c3/713d3a0c964acd704ee2b8521f51706aa8053fc5addbcd43cb03d74819e7/cryptography-2.0.2-cp27-cp27mu-manylinux1_x86_64.whl (2.2MB)
Collecting enum34==1.1.2 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 96))
  Downloading http://mirrors.aliyun.com/pypi/packages/6f/e9/08fd439384b7e3d613e75a6c8236b8e64d90c47d23413493b38d4229a9a5/enum34-1.1.2.tar.gz (46kB)
Collecting funcsigs==1.0.2 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 99))
  Downloading http://mirrors.aliyun.com/pypi/packages/69/cb/f5be453359271714c01b9bd06126eaf2e368f1fddfff30818754b5ac2328/funcsigs-1.0.2-py2.py3-none-any.whl
Collecting idna==2.5 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 102))
  Downloading http://mirrors.aliyun.com/pypi/packages/11/7d/9bbbd7bb35f34b0169542487d2a8859e44306bb2e6a4455d491800a5621f/idna-2.5-py2.py3-none-any.whl (55kB)
Collecting ipaddress==1.0.16 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 105))
  Downloading http://mirrors.aliyun.com/pypi/packages/23/6a/813ac29a01e4c33c19c2bded98ac3d4266ebbf0bd2c0eb0020e1c969958d/ipaddress-1.0.16-py27-none-any.whl
Collecting josepy==1.0.1 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 108))
  Downloading http://mirrors.aliyun.com/pypi/packages/8f/0e/8db99b520370eb417e60a0c1c9edbaf4e57aa6a17529b8b9cdbed8b858b2/josepy-1.0.1-py2.py3-none-any.whl (53kB)
Collecting linecache2==1.0.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 111))
  Downloading http://mirrors.aliyun.com/pypi/packages/c7/a3/c5da2a44c85bfbb6eebcfc1dde24933f8704441b98fdde6528f4831757a6/linecache2-1.0.0-py2.py3-none-any.whl
Collecting mock==1.3.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 115))
  Downloading http://mirrors.aliyun.com/pypi/packages/b2/50/664a70b87408bb6c14c1af2337efa64eb8d1af80c933531758b8fb41ec25/mock-1.3.0-py2.py3-none-any.whl (56kB)
Collecting ordereddict==1.1 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 118))
  Downloading http://mirrors.aliyun.com/pypi/packages/53/25/ef88e8e45db141faa9598fbf7ad0062df8f50f881a36ed6a0073e1572126/ordereddict-1.1.tar.gz
Collecting packaging==16.8 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 120))
  Downloading http://mirrors.aliyun.com/pypi/packages/87/1b/c39b7c65b5612812b83d6cab7ef2885eac9f6beb0b7b8a7071a186aea3b1/packaging-16.8-py2.py3-none-any.whl
Collecting parsedatetime==2.1 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 123))
  Downloading http://mirrors.aliyun.com/pypi/packages/85/1f/13fc06097e516f6259d62cea502b116451321c96e18a9d0fff9da3442e02/parsedatetime-2.1-py2-none-any.whl
Collecting pbr==1.8.1 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 126))
  Downloading http://mirrors.aliyun.com/pypi/packages/fc/37/94af8387babb09796d306b18cf94ee5c70388c875a16d8a88e471500452c/pbr-1.8.1-py2.py3-none-any.whl (89kB)
Collecting pyOpenSSL==16.2.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 129))
  Downloading http://mirrors.aliyun.com/pypi/packages/ac/93/b4cd538d31adacd07f83013860db6b88d78755af1f3fefe68ec22d397e7b/pyOpenSSL-16.2.0-py2.py3-none-any.whl (43kB)
Collecting pyparsing==2.1.8 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 132))
  Downloading http://mirrors.aliyun.com/pypi/packages/85/b9/188515f35f78533b3f82966a2c3f1a71a86df8b801367ee75a77191a861d/pyparsing-2.1.8-py2.py3-none-any.whl (54kB)
Collecting pyRFC3339==1.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 141))
  Downloading http://mirrors.aliyun.com/pypi/packages/9b/0a/decfa17e7707afca17d6e9595ff5c79c1c71c74063ad95576f897ed3a9f1/pyRFC3339-1.0-py2.py3-none-any.whl
Collecting python-augeas==0.5.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 144))
  Downloading http://mirrors.aliyun.com/pypi/packages/41/e6/4b6740cb3e31b82252099994cea751c648b846aa7874343c31d68c2215be/python-augeas-0.5.0.tar.gz (90kB)
Collecting pytz==2015.7 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 146))
  Downloading http://mirrors.aliyun.com/pypi/packages/c0/28/973f0382c803b21734cd7e97e0590928148ee21b1cbe8f7fed8b506204fb/pytz-2015.7-py2.py3-none-any.whl (476kB)
Collecting requests==2.12.1 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 160))
  Downloading http://mirrors.aliyun.com/pypi/packages/9b/31/e9925a2b9a06f97c3450bac6107928d3533bfe64ca5615442504104321e8/requests-2.12.1-py2.py3-none-any.whl (574kB)
Collecting six==1.10.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 163))
  Downloading http://mirrors.aliyun.com/pypi/packages/c8/0a/b6723e1bc4c516cb687841499455a8505b44607ab535be01091c0f24f079/six-1.10.0-py2.py3-none-any.whl
Collecting traceback2==1.4.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 166))
  Downloading http://mirrors.aliyun.com/pypi/packages/17/0a/6ac05a3723017a967193456a2efa0aa9ac4b51456891af1e2353bb9de21e/traceback2-1.4.0-py2.py3-none-any.whl
Collecting unittest2==1.1.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 169))
  Downloading http://mirrors.aliyun.com/pypi/packages/72/20/7f0f433060a962200b7272b8c12ba90ef5b903e218174301d0abfd523813/unittest2-1.1.0-py2.py3-none-any.whl (96kB)
Collecting zope.component==4.2.2 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 172))
  Downloading http://mirrors.aliyun.com/pypi/packages/4c/c4/3f77127c876f49af478e8ea4dc223cda17730bb273c0d1606a4114c64008/zope.component-4.2.2.tar.gz (546kB)
Collecting zope.event==4.1.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 174))
  Downloading http://mirrors.aliyun.com/pypi/packages/0e/87/75e3d62a3506953c2e56d15a150de31e5d92310e87db2c8b102dc01b0b8e/zope.event-4.1.0.tar.gz (476kB)
Collecting zope.interface==4.1.3 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 176))
  Downloading http://mirrors.aliyun.com/pypi/packages/9d/81/2509ca3c6f59080123c1a8a97125eb48414022618cec0e64eb1313727bfe/zope.interface-4.1.3.tar.gz (141kB)
Collecting letsencrypt==0.7.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 202))
  Downloading http://mirrors.aliyun.com/pypi/packages/fd/21/0c6f33829fadec8aca0c1ebb4d6f8101c05899356a58d1b2e506cb77cf18/letsencrypt-0.7.0-py2-none-any.whl
Collecting certbot==0.24.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 206))
  Could not find a version that satisfies the requirement certbot==0.24.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 206)) (from versions: 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.11.1, 0.12.0, 0.13.0, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.23.0)
No matching distribution found for certbot==0.24.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 206))
Had a problem while installing Python packages.

关键的内容是最后这一段：

  Could not find a version that satisfies the requirement certbot==0.24.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 206)) (from versions: 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.11.1, 0.12.0, 0.13.0, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.23.0)
No matching distribution found for certbot==0.24.0 (from -r /tmp/tmp.GY8lPazOus/letsencrypt-auto-requirements.txt (line 206))
Had a problem while installing Python packages.

怎么办呢？

网上有说法是阿里云的源有问题，导致一些软件更新不正常。于是我把阿里云的源改为了网易163的源，但是问题依旧。

在github上有人遇到过类似的问题，但具体又和我有差异，他的报错是：

Could not find a version that satisfies the requirement acme is 0.10.0 (from -r /tmp/tmp.QkR9wXt106/letsencrypt-auto-requirements.txt (line 174)) (from versions: 0.0.0.dev20151006, 0.0.0.dev20151008, 0.0.0.dev20151017, 0.0.0.dev20151020, 0.0.0.dev20151021, 0.0.0.dev20151024, 0.0.0.dev20151030, 0.0.0.dev20151104, 0.0.0.dev20151107, 0.0.0.dev20151108, 0.0.0.dev20151114, 0.0.0.dev20151123, 0.0.0.dev20151201, 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3)

反正都是某个需要的东东版本太低。

这个答案下面有个人提供了解决方案，对我也有效。

This worked for me

git clone https://github.com/letsencrypt/letsencrypt/
cd letsencrypt
git reset --hard ce4e00569e6d8ed3d51c5a078d4281bec5f8e5f0 # see release page for more info
./letsencrypt-auto  --no-self-upgrade renew

具体来说就是重新下载了letsencrypt；然后git回退letsencrypt到指定版本；然后再执行renew，但是加上了

--no-self-upgrade

参数，即不要自作主张地去更新。

于是我的Letsencrypt更新脚本修正为：

if ! /home/dancen/letsencrypt/letsencrypt-auto --no-self-upgrade renew -nvv --standalone > /home/logs/letsencrypt/renew.log 2>&1 ; then
    echo Automated renewal failed:
    cat /home/logs/letsencrypt/renew.log
    exit 1
fi