Certbot-auto problem on CentOS 6.9 “Error: Multilib version problems found”

Turns out "certbot-auto" updates itself and any necessary packages. Found the solution to this was to "yum erase openssl.i686 0:1.0.1e-57.el6" and then re-run certbot-auto to reinstall the necessary packages.

[root@box ~]# ./certbot-auto certonly -n -d mywebsite.co.uk -d www.mywebsite.co.uk --webroot --webroot-path /var/www/vhosts/mywebsite.co.uk/httpdocs
Bootstrapping dependencies for Legacy RedHat-based OSes that will use Python3... (you can skip this with --no-bootstrap)
yum is hashed (/usr/bin/yum)
yum is hashed (/usr/bin/yum)
Loaded plugins: priorities
Setting up Install Process
Package gcc-4.4.7-23.el6.x86_64 already installed and latest version
Package augeas-libs-1.0.0-10.el6.x86_64 already installed and latest version
Package libffi-devel-3.0.5-3.2.el6.x86_64 already installed and latest version
Package redhat-rpm-config-9.0.3-51.el6.centos.noarch already installed and latest version
Package 1:mod_ssl-2.2.15-69.el6.centos.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.noarch 0:2018.2.22-65.1.el6 will be updated
---> Package ca-certificates.noarch 0:2019.2.32-65.1.el6_10 will be an update
---> Package openssl.x86_64 0:1.0.1e-57.el6 will be updated
---> Package openssl.x86_64 0:1.0.1e-58.el6_10 will be an update
---> Package openssl-devel.x86_64 0:1.0.1e-57.el6 will be updated
---> Package openssl-devel.x86_64 0:1.0.1e-58.el6_10 will be an update
---> Package rh-python36-python.x86_64 0:3.6.9-2.el6 will be installed
--> Processing Dependency: rh-python36-python-libs(x86-64) = 3.6.9-2.el6 for package: rh-python36-python-3.6.9-2.el6.x86_64
--> Processing Dependency: rh-python36-runtime for package: rh-python36-python-3.6.9-2.el6.x86_64
--> Processing Dependency: rh-python36-python-setuptools for package: rh-python36-python-3.6.9-2.el6.x86_64
--> Processing Dependency: rh-python36-python-pip for package: rh-python36-python-3.6.9-2.el6.x86_64
--> Processing Dependency: libpython3.6m.so.rh-python36-1.0()(64bit) for package: rh-python36-python-3.6.9-2.el6.x86_64
---> Package rh-python36-python-devel.x86_64 0:3.6.9-2.el6 will be installed
--> Processing Dependency: scl-utils-build for package: rh-python36-python-devel-3.6.9-2.el6.x86_64
---> Package rh-python36-python-virtualenv.noarch 0:15.1.0-2.el6 will be installed
--> Running transaction check
---> Package rh-python36-python-libs.x86_64 0:3.6.9-2.el6 will be installed
---> Package rh-python36-python-pip.noarch 0:9.0.1-2.el6 will be installed
---> Package rh-python36-python-setuptools.noarch 0:36.5.0-1.el6 will be installed
---> Package rh-python36-runtime.x86_64 0:2.0-1.el6 will be installed
---> Package scl-utils-build.x86_64 0:20120927-29.el6_9 will be installed
--> Processing Dependency: iso-codes for package: scl-utils-build-20120927-29.el6_9.x86_64
--> Running transaction check
---> Package iso-codes.noarch 0:3.16-2.el6 will be installed
--> Processing Dependency: xml-common for package: iso-codes-3.16-2.el6.noarch
--> Running transaction check
---> Package xml-common.noarch 0:0.6.3-33.el6 will be installed
--> Finished Dependency Resolution
Error: Multilib version problems found. This often means that the root
cause is something else and multilib version checking is just
pointing out that there is a problem. Eg.:

1. You have an upgrade for openssl which is missing some
dependency that another package requires. Yum is trying to
solve this by installing an older version of openssl of the
different architecture. If you exclude the bad architecture
yum will tell you what the root cause is (which package
requires what). You can try redoing the upgrade with
--exclude openssl.otherarch ... this should give you an error
message showing the root cause of the problem.

2. You have multiple architectures of openssl installed, but
yum can only see an upgrade for one of those arcitectures.
If you don't want/need both architectures anymore then you
can remove the one with the missing update and everything
will work.

3. You have duplicate versions of openssl installed already.
You can use "yum check" to get yum show these errors.

...you can also use --setopt=protected_multilib=false to remove
this checking, however this is almost never the correct thing to
do as something else is very likely to go wrong (often causing
much more problems).

Protected multilib versions: openssl-1.0.1e-58.el6_10.x86_64 != openssl-1.0.1e-57.el6.i686
Could not install OS dependencies. Aborting bootstrap!

NOTE: A bit of testing and found the error was to do with updating the openssl-1.0.1e-58.el6_10.x86_64, openssl.i686 0:1.0.1e-57.el6 AND openssl.i686 0:1.0.1e-58.el6_10 packages - trying to yum install or update them gave the same error.

[root@box ~]# yum update openssl-1.0.1e-57.el6.i686
Loaded plugins: priorities
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package openssl.i686 0:1.0.1e-57.el6 will be updated
---> Package openssl.i686 0:1.0.1e-58.el6_10 will be an update
--> Finished Dependency Resolution
Error: Multilib version problems found. This often means that the root
cause is something else and multilib version checking is just
pointing out that there is a problem. Eg.:

[root@box ~]# yum update openssl.i686 0:1.0.1e-58.el6_10
Loaded plugins: priorities
Setting up Update Process
No Match for argument: 0:1.0.1e-58.el6_10
No package 0:1.0.1e-58.el6_10 available.
Resolving Dependencies
--> Running transaction check
---> Package openssl.i686 0:1.0.1e-57.el6 will be updated
---> Package openssl.i686 0:1.0.1e-58.el6_10 will be an update
--> Finished Dependency Resolution
Error: Multilib version problems found. This often means that the root
cause is something else and multilib version checking is just
pointing out that there is a problem. Eg.:

NOTE: Checking what as installed using "rpm -qa" gave me the idea to remove the openssl.i686 0:1.0.1e-57.el6 package!

[root@box ~]# yum erase openssl.i686 0:1.0.1e-57.el6
Loaded plugins: priorities
Setting up Remove Process
No Match for argument: 0:1.0.1e-57.el6
Resolving Dependencies
--> Running transaction check
---> Package openssl.i686 0:1.0.1e-57.el6 will be erased
--> Processing Dependency: libcrypto.so.10 for package: miva-ssl-stub-1.0.1-0.287001.i386
--> Processing Dependency: libssl.so.10 for package: miva-ssl-stub-1.0.1-0.287001.i386
--> Running transaction check
---> Package miva-ssl-stub.i386 0:1.0.1-0.287001 will be erased
--> Finished Dependency Resolution
...
Dependency Removed:
miva-ssl-stub.i386 0:1.0.1-0.287001

Complete!

NOTE: Once that was done, it should be able to udate correctly. So run "certbot-auto" to update everything! It installed a bunch of new packages and updated the certificates correctly.

[root@box ~]# ./certbot-auto certonly -n -d intalite.co.uk -d www.intalite.co.uk --webroot --webroot-path /var/www/vhosts/intalite.co.uk/httpdocs
Bootstrapping dependencies for Legacy RedHat-based OSes that will use Python3... (you can skip this with --no-bootstrap)
yum is hashed (/usr/bin/yum)
yum is hashed (/usr/bin/yum)
...
Dependencies Resolved
...
Install 10 Package(s)
Upgrade 3 Package(s)
...
Complete!
Upgrading certbot-auto 1.1.0 to 1.2.0...
...
Installation succeeded.
...
- Congratulations! Your certificate and chain have been saved at:...

Done!

Leave a Reply