New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Running with 192MB RAM is not enough #1081

Closed
nagisa opened this Issue Oct 22, 2015 · 35 comments

Comments

Projects
None yet
@nagisa

nagisa commented Oct 22, 2015

python-cryptography apparently tries to compile a pretty big C binding or something like that, and gcc proceeds to ICE due to lack of free memory.

The letsencrypt-auto tool should know its memory requirements and ask whether you really want to proceed if you haven’t enough.

@DenisMir

This comment has been minimized.

DenisMir commented Nov 19, 2015

Got the same problem on a 512MB Digitalocean droplet. So no chance of testing it.

@centminmod

This comment has been minimized.

centminmod commented Nov 19, 2015

this could be problematic.. anything can be done about it ? I think 512MB minimum VPS size would be a good target to aim for.

@spede

This comment has been minimized.

spede commented Nov 21, 2015

Won't compile on a DO 512MB droplet even with --param ggc-min-expand=0 --param ggc-min-heapsize=8192. I think the only option for now is to wait for an operating system package.

@pde pde added this to the Wishlist milestone Nov 22, 2015

@pde

This comment has been minimized.

Member

pde commented Nov 22, 2015

OS packages are already available for Debian experimental, Arch, and FreeBSD. More should be on the way.

@pde

This comment has been minimized.

Member

pde commented Nov 22, 2015

But if you really need to work around this in the meantime, there are workarounds:

  1. You could also probably just rsync the venv directory ~/.local/share/letsencrypt from a machine with more RAM.
  2. Try making a swapfile to give yourself more memory. If your instance is spinning-disk-backed, this may be horribly slow, but SSD should be okay.
@nagisa

This comment has been minimized.

nagisa commented Nov 22, 2015

OS packages are already available for Debian experimental, Arch, and FreeBSD. More should be on the way.

The native package that’s giving trouble (python-cryptography) is already available on many distributions (notable exception being current LTS of Ubuntu), but of incompatible version (?).

You could also probably just rsync the venv directory ~/.local/share/letsencrypt from a machine with more RAM.

That’s way too naive. letsencrypt depends on native libraries and these must be properly cross-compiled to “just-work” after being copy-pasted.


That being said, it is pretty hard to make letsencrypt-auto to use already installed python packages. I had to do whole installation (into virtual environ) manually after installing all the dependencies from the OS.

Probably the first good step would be an option to use OS’s python packages that are available, only building and installing missing ones.

@spede

This comment has been minimized.

spede commented Nov 22, 2015

Gave the Debian package a go, and it seems python-letsencrypt has got a problem with it. python-letsencrypt : Dependencies: python-acme (= 0.0.0.dev20151114) but 0.0.0.dev20151114-1 is to be installed - it's asking explicitly for dev20151114 whereas the only package available is dev20151114-1.

Though this is only tangentially related to this ticket.

@liamim

This comment has been minimized.

Contributor

liamim commented Nov 24, 2015

Another full trace of the issue, provided by someone on IRC.

@centminmod

This comment has been minimized.

centminmod commented Dec 3, 2015

still an issue ? i only tested on 1GB VPS. minimum memory requirements ?

@huanga

This comment has been minimized.

huanga commented Dec 3, 2015

128M VPS on BuyVM crashing with the same problem. I only found out about this problem after searching for the error I was encountering. 128M is pitifully small, but it works great for tiny single web app that doesn't have a lot of traffic. I could upgrade to something larger, but that would be quite a waste. What is the target size LetsEncrypt is shooting to support?

@kuba

This comment has been minimized.

Contributor

kuba commented Dec 3, 2015

@huanga, one thing you could try is to build simp_le binary out of https://github.com/kuba/simp_le/tree/master/pyi and copy it over to your server - memory requirements should be minimal.

@centminmod

This comment has been minimized.

@alex

This comment has been minimized.

Collaborator

alex commented Dec 9, 2015

We're working on a fix for this in cffi+cryptography. Will update as
there's progress.

On Tue, Dec 8, 2015 at 8:23 PM, George Liu (eva2000) <
notifications@github.com> wrote:

another person hit
https://community.letsencrypt.org/t/letsencrypt-auto-error-errno-12-cannot-allocate-memory/6359/


Reply to this email directly or view it on GitHub
#1081 (comment)
.

"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084

@centminmod

This comment has been minimized.

centminmod commented Dec 9, 2015

@alex cheers thanks for the heads up 👍

@coolaj86

This comment has been minimized.

Contributor

coolaj86 commented Dec 16, 2015

If you want something super lightweight and easy to install with few dependencies...

https://github.com/Daplie/node-letsencrypt-cli

# Install node.js
curl -L bit.ly/iojs-min | bash

# Install LetsEncrypt
npm install -g letsencrypt-cli

# get certs
letsencrypt certonly \
  --agree-tos --email john.doe@example.com \
  --standalone \
  --domains example.com,www.example.com \
  --server https://acme-staging.api.letsencrypt.org/directory \

# take a look
ls ~/letsencrypt/etc/live

We don't have all of the apache config and whatnot, but if you just want your certs quick and easy - especially on low-mem and low-power platforms (DO, RPi), it'll do.

@the7th

This comment has been minimized.

the7th commented Jan 14, 2016

One way I use to avoid this issue is by restarting my VM/droplet. worked with DigitalOcean 512MB.

@centminmod

This comment has been minimized.

centminmod commented Jan 16, 2016

any movement on this ? @bmw @jsha @pde

@macdonjo

This comment has been minimized.

macdonjo commented Jan 18, 2016

@the7th restarting your droplet gave you enough memory?

@the7th

This comment has been minimized.

the7th commented Jan 19, 2016

@macdonjo Yeah. Somehow it does. Try restarting your droplet. It "might" work.

@megasnort

This comment has been minimized.

megasnort commented Feb 2, 2016

I'm using a Digital Ocean 512Mb droplet to run three django apps through gunicorn/nginx. At first I did not get letsencrypt installed and got the error above. As soon as I shut the 3 apps down, installation went fine. Problem seems indeed to be memory related.

@planetjones

This comment has been minimized.

planetjones commented Feb 18, 2016

Same issue - I am trying to use on a 128MB VM. I can't increase swop past 64MB. I think lets encrypt should be usable even on low end boxes (Cent OS 6 - so maybe I need to wait for native packages?)

@feederror

This comment has been minimized.

feederror commented Mar 14, 2016

I was able to install certs on OpenVz/Ramnode 128MB RAM / 64 MB VRAM container with Ubuntu 14.04 32-bit.

The 32bit is the key. I was not able to install on Ubuntu 14.04 64-bit.

@pepa65

This comment has been minimized.

pepa65 commented Mar 17, 2016

Hitting this on Ramnode OpenVZ 128MB with 64-bit Ubuntu 14.04
Wondering how best to proceed: wait, try a different approach?

@planetjones

This comment has been minimized.

planetjones commented Mar 17, 2016

My issue was on ram node - thing is you can't increase the swap. I just switched to using a python client (acme client) and it is up and running ok on cent os 6

@pepa65

This comment has been minimized.

pepa65 commented Mar 17, 2016

Right, swap is fixed, can't be added even through a file.
Is there a howto somewhere on using the acme client?

@planetjones

This comment has been minimized.

planetjones commented Mar 17, 2016

Think I used this wrapper - then you only need Python and OpenSSL

https://github.com/diafygi/acme-tiny/blob/master/README.md

@controversial

This comment has been minimized.

controversial commented Apr 3, 2016

Same issue. On a 512MB droplet. I have swap space enabled (I think) but I still have the issue.

@Greenjam94

This comment has been minimized.

Greenjam94 commented Apr 11, 2016

Same issue on a 512MB Ubuntu droplet. I did the restart and it was able to run. The only things running on my server is a apache server, MySQL and irssi for IRC chats.

@Akiracr

This comment has been minimized.

Akiracr commented Apr 13, 2016

I have a DO of 512mb and it had had the same problem, I could solve it by creation of a swapfile

@DDecoene

This comment has been minimized.

DDecoene commented Apr 19, 2016

I was able to get is going by stopping (sudo service apache2 stop) the apache service and then running letsencrypt-auto on my debian wheezy. It really was due to memory. Hope this helps someone.

@controversial

This comment has been minimized.

controversial commented Apr 19, 2016

@DDecoene Worked for me.

@tifroz

This comment has been minimized.

tifroz commented Sep 26, 2016

+1 would really like to see this fixed. Right now we have to manually stop all running servers every time we need to renew in order to make it work, which defeats the automation

@pepa65

This comment has been minimized.

pepa65 commented Sep 26, 2016

I upgraded to from OpenVZ 128M+64M to KVM 512M and no longer have this problem. It would be nice to have letsencrypt-auto work on low-memory though for the affected systems/distros.

@bmw

This comment has been minimized.

Contributor

bmw commented Sep 26, 2016

@tifroz, this problem should only occur when installing or upgrading Certbot using {certbot,letsencrypt}-auto. If you're using one of the auto scripts, we generally recommend to provide --no-self-upgrade on the command line which will prevent the script and Certbot from auto updating which both increases stability and avoids this problem.

@tifroz

This comment has been minimized.

tifroz commented Oct 30, 2016

@bmw Thank you for the guidance. I can't seem to get the --no-self-upgrade to have any effect however. When executing ./certbot-auto renew --no-self-upgrade --quiet --dry-run --staging > "/var/log/apps/letsencrypt.log", I am getting this output (pruned for brevity):

Bootstrapping dependencies for Debian-based OSes...
Hit http://security.ubuntu.com trusty-security InRelease
...
Reading package lists...
...
The following extra packages will be installed:
  libssl1.0.0
The following packages will be upgraded:
  libssl-dev libssl1.0.0
2 upgraded, 0 newly installed, 0 to remove and 34 not upgraded.
Need to get 1,904 kB of archives.
After this operation, 6,144 B of additional disk space will be used.
Do you want to continue? [Y/n]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment