Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Running with 192MB RAM is not enough #1081

Closed
nagisa opened this issue Oct 22, 2015 · 36 comments
Closed

Running with 192MB RAM is not enough #1081

nagisa opened this issue Oct 22, 2015 · 36 comments

Comments

@nagisa
Copy link

@nagisa nagisa commented Oct 22, 2015

python-cryptography apparently tries to compile a pretty big C binding or something like that, and gcc proceeds to ICE due to lack of free memory.

The letsencrypt-auto tool should know its memory requirements and ask whether you really want to proceed if you haven’t enough.

@DenisMir
Copy link

@DenisMir DenisMir commented Nov 19, 2015

Got the same problem on a 512MB Digitalocean droplet. So no chance of testing it.

@centminmod
Copy link

@centminmod centminmod commented Nov 19, 2015

this could be problematic.. anything can be done about it ? I think 512MB minimum VPS size would be a good target to aim for.

@spede
Copy link

@spede spede commented Nov 21, 2015

Won't compile on a DO 512MB droplet even with --param ggc-min-expand=0 --param ggc-min-heapsize=8192. I think the only option for now is to wait for an operating system package.

@pde pde added this to the Wishlist milestone Nov 22, 2015
@pde
Copy link
Member

@pde pde commented Nov 22, 2015

OS packages are already available for Debian experimental, Arch, and FreeBSD. More should be on the way.

@pde
Copy link
Member

@pde pde commented Nov 22, 2015

But if you really need to work around this in the meantime, there are workarounds:

  1. You could also probably just rsync the venv directory ~/.local/share/letsencrypt from a machine with more RAM.
  2. Try making a swapfile to give yourself more memory. If your instance is spinning-disk-backed, this may be horribly slow, but SSD should be okay.

@nagisa
Copy link
Author

@nagisa nagisa commented Nov 22, 2015

OS packages are already available for Debian experimental, Arch, and FreeBSD. More should be on the way.

The native package that’s giving trouble (python-cryptography) is already available on many distributions (notable exception being current LTS of Ubuntu), but of incompatible version (?).

You could also probably just rsync the venv directory ~/.local/share/letsencrypt from a machine with more RAM.

That’s way too naive. letsencrypt depends on native libraries and these must be properly cross-compiled to “just-work” after being copy-pasted.


That being said, it is pretty hard to make letsencrypt-auto to use already installed python packages. I had to do whole installation (into virtual environ) manually after installing all the dependencies from the OS.

Probably the first good step would be an option to use OS’s python packages that are available, only building and installing missing ones.

@spede
Copy link

@spede spede commented Nov 22, 2015

Gave the Debian package a go, and it seems python-letsencrypt has got a problem with it. python-letsencrypt : Dependencies: python-acme (= 0.0.0.dev20151114) but 0.0.0.dev20151114-1 is to be installed - it's asking explicitly for dev20151114 whereas the only package available is dev20151114-1.

Though this is only tangentially related to this ticket.

@erinzm
Copy link
Contributor

@erinzm erinzm commented Nov 24, 2015

Another full trace of the issue, provided by someone on IRC.

@centminmod
Copy link

@centminmod centminmod commented Dec 3, 2015

still an issue ? i only tested on 1GB VPS. minimum memory requirements ?

@huanga
Copy link

@huanga huanga commented Dec 3, 2015

128M VPS on BuyVM crashing with the same problem. I only found out about this problem after searching for the error I was encountering. 128M is pitifully small, but it works great for tiny single web app that doesn't have a lot of traffic. I could upgrade to something larger, but that would be quite a waste. What is the target size LetsEncrypt is shooting to support?

@kuba
Copy link
Contributor

@kuba kuba commented Dec 3, 2015

@huanga, one thing you could try is to build simp_le binary out of https://github.com/kuba/simp_le/tree/master/pyi and copy it over to your server - memory requirements should be minimal.

@alex
Copy link
Collaborator

@alex alex commented Dec 9, 2015

We're working on a fix for this in cffi+cryptography. Will update as
there's progress.

On Tue, Dec 8, 2015 at 8:23 PM, George Liu (eva2000) <
notifications@github.com> wrote:

another person hit
https://community.letsencrypt.org/t/letsencrypt-auto-error-errno-12-cannot-allocate-memory/6359/


Reply to this email directly or view it on GitHub
#1081 (comment)
.

"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084

@centminmod
Copy link

@centminmod centminmod commented Dec 9, 2015

@alex cheers thanks for the heads up 👍

@coolaj86
Copy link
Contributor

@coolaj86 coolaj86 commented Dec 16, 2015

If you want something super lightweight and easy to install with few dependencies...

https://github.com/Daplie/node-letsencrypt-cli

# Install node.js
curl -L bit.ly/iojs-min | bash

# Install LetsEncrypt
npm install -g letsencrypt-cli

# get certs
letsencrypt certonly \
  --agree-tos --email john.doe@example.com \
  --standalone \
  --domains example.com,www.example.com \
  --server https://acme-staging.api.letsencrypt.org/directory \

# take a look
ls ~/letsencrypt/etc/live

We don't have all of the apache config and whatnot, but if you just want your certs quick and easy - especially on low-mem and low-power platforms (DO, RPi), it'll do.

@the7th
Copy link

@the7th the7th commented Jan 14, 2016

One way I use to avoid this issue is by restarting my VM/droplet. worked with DigitalOcean 512MB.

@centminmod
Copy link

@centminmod centminmod commented Jan 16, 2016

any movement on this ? @bmw @jsha @pde

@macdonjo
Copy link

@macdonjo macdonjo commented Jan 18, 2016

@the7th restarting your droplet gave you enough memory?

@the7th
Copy link

@the7th the7th commented Jan 19, 2016

@macdonjo Yeah. Somehow it does. Try restarting your droplet. It "might" work.

@megasnort
Copy link

@megasnort megasnort commented Feb 2, 2016

I'm using a Digital Ocean 512Mb droplet to run three django apps through gunicorn/nginx. At first I did not get letsencrypt installed and got the error above. As soon as I shut the 3 apps down, installation went fine. Problem seems indeed to be memory related.

@planetjones
Copy link

@planetjones planetjones commented Feb 18, 2016

Same issue - I am trying to use on a 128MB VM. I can't increase swop past 64MB. I think lets encrypt should be usable even on low end boxes (Cent OS 6 - so maybe I need to wait for native packages?)

@feederror
Copy link

@feederror feederror commented Mar 14, 2016

I was able to install certs on OpenVz/Ramnode 128MB RAM / 64 MB VRAM container with Ubuntu 14.04 32-bit.

The 32bit is the key. I was not able to install on Ubuntu 14.04 64-bit.

@pepa65
Copy link

@pepa65 pepa65 commented Mar 17, 2016

Hitting this on Ramnode OpenVZ 128MB with 64-bit Ubuntu 14.04
Wondering how best to proceed: wait, try a different approach?

@planetjones
Copy link

@planetjones planetjones commented Mar 17, 2016

My issue was on ram node - thing is you can't increase the swap. I just switched to using a python client (acme client) and it is up and running ok on cent os 6

@pepa65
Copy link

@pepa65 pepa65 commented Mar 17, 2016

Right, swap is fixed, can't be added even through a file.
Is there a howto somewhere on using the acme client?

@planetjones
Copy link

@planetjones planetjones commented Mar 17, 2016

Think I used this wrapper - then you only need Python and OpenSSL

https://github.com/diafygi/acme-tiny/blob/master/README.md

@controversial
Copy link

@controversial controversial commented Apr 3, 2016

Same issue. On a 512MB droplet. I have swap space enabled (I think) but I still have the issue.

@Greenjam94
Copy link

@Greenjam94 Greenjam94 commented Apr 11, 2016

Same issue on a 512MB Ubuntu droplet. I did the restart and it was able to run. The only things running on my server is a apache server, MySQL and irssi for IRC chats.

@Akiracr
Copy link

@Akiracr Akiracr commented Apr 13, 2016

I have a DO of 512mb and it had had the same problem, I could solve it by creation of a swapfile

@DDecoene
Copy link

@DDecoene DDecoene commented Apr 19, 2016

I was able to get is going by stopping (sudo service apache2 stop) the apache service and then running letsencrypt-auto on my debian wheezy. It really was due to memory. Hope this helps someone.

@controversial
Copy link

@controversial controversial commented Apr 19, 2016

@DDecoene Worked for me.

@tifroz
Copy link

@tifroz tifroz commented Sep 26, 2016

+1 would really like to see this fixed. Right now we have to manually stop all running servers every time we need to renew in order to make it work, which defeats the automation

@pepa65
Copy link

@pepa65 pepa65 commented Sep 26, 2016

I upgraded to from OpenVZ 128M+64M to KVM 512M and no longer have this problem. It would be nice to have letsencrypt-auto work on low-memory though for the affected systems/distros.

@bmw
Copy link
Member

@bmw bmw commented Sep 26, 2016

@tifroz, this problem should only occur when installing or upgrading Certbot using {certbot,letsencrypt}-auto. If you're using one of the auto scripts, we generally recommend to provide --no-self-upgrade on the command line which will prevent the script and Certbot from auto updating which both increases stability and avoids this problem.

@tifroz
Copy link

@tifroz tifroz commented Oct 30, 2016

@bmw Thank you for the guidance. I can't seem to get the --no-self-upgrade to have any effect however. When executing ./certbot-auto renew --no-self-upgrade --quiet --dry-run --staging > "/var/log/apps/letsencrypt.log", I am getting this output (pruned for brevity):

Bootstrapping dependencies for Debian-based OSes...
Hit http://security.ubuntu.com trusty-security InRelease
...
Reading package lists...
...
The following extra packages will be installed:
  libssl1.0.0
The following packages will be upgraded:
  libssl-dev libssl1.0.0
2 upgraded, 0 newly installed, 0 to remove and 34 not upgraded.
Need to get 1,904 kB of archives.
After this operation, 6,144 B of additional disk space will be used.
Do you want to continue? [Y/n]

@bmw bmw closed this in #4978 Aug 1, 2017
@bmw bmw added this to the 0.17.0 milestone Aug 1, 2017
@bmw bmw removed this from the Wishlist milestone Aug 1, 2017
@gabeluci
Copy link

@gabeluci gabeluci commented Jul 16, 2020

I managed to solve this issue by renewing one cert at a time.

This bash script will use certbot certificates to find all the certificate names, then renew each one separately:

#!/bin/bash

for cert in `certbot certificates 2>/dev/null | grep "Certificate Name:" | cut -d: -f2-`
do
    certbot renew -q --cert-name $cert
done

I ran this on a cheap VPS with 128MB of RAM and 8 certificates. It worked without having to stop Apache.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet