certbot for letsencrypt missing pyopenssl module

Question

I need help setting up the CertBot for LetsEncrypt

I am running on CentOS 7 with Python 2.7

When I run certbot I get the following error:

[root@li86-193 frappe-bench]#certbot certonly --manual

Traceback (most recent call last):
  File "/usr/bin/certbot", line 7, in <module>
    from certbot.main import main
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 21, in <module>
    from certbot import client
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 10, in <module>
    from acme import client as acme_client
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 31, in <module>
    requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()
  File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 112, in inject_into_urllib3
    _validate_dependencies_met()
  File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 147, in _validate_dependencies_met
    raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.

[root@li86-193 frappe-bench]# pip show certbot
Name: certbot
Version: 0.11.1
Summary: ACME client
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
Author-email: client-dev@letsencrypt.org
License: Apache License 2.0
Location: /usr/lib/python2.7/site-packages
Requires: ConfigArgParse, configobj, zope.component, pytz, setuptools, cryptography, zope.interface, pyrfc3339, mock, parsedatetime, six, acme, PyOpenSSL

[root@li86-193 frappe-bench]# pip show pyopenssl
Name: pyOpenSSL
Version: 16.2.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.readthedocs.io/
Author: Hynek Schlawack
Author-email: hs@ox.cx
License: Apache License, Version 2.0
Location: /usr/lib/python2.7/site-packages
Requires: six, cryptography

Please help out

Thank you

Please fix your post to be readable, the tracebacks are all messed up... Also, please include how you installed certbot, what you've done to try and get it to work so far and any information that might actually help us understand **why** you're getting this error. — Ginnungagap, Feb 02 '17 at 23:49

score 7 · Answer 1 · answered Feb 02 '17 at 23:56

7

Don't try to install certbot manually on CentOS/RHEL systems. It just makes a huge mess. Instead, install it from EPEL.

yum install epel-release
yum install certbot

answered Feb 02 '17 at 23:56

Michael Hampton

237,123
42
477
940

1

I installed from the epel, and am still getting the same problem – chrismarx Feb 23 '17 at 21:34
8

I run the EPEL certbot package and resolved this issue. Something else on my system had updated the 'requests' library to the latest (2.13.0 as of this writing), but the RPM that is installed as a dependency for certbot is 2.6.0. Compare versions for `pip list 2>/dev/null | grep requests` and `rpm -q python-requests --queryformat '%{VERSION}\n'`. If they're different, try `pip install --upgrade --force-reinstall 'requests==2.6.0'`. – Alan Ivey Apr 13 '17 at 17:08

score 4 · Answer 2 · answered Jun 24 '17 at 15:43

4

I experienced this same issue twice on 2 separate Centos7 systems in the last 2 months. This is what worked for me:

yum remove pyOpenSSL [This will remove certbot installed via epel]
yum install openssl-devel python-devel [May or may not actually be necessary]
pip install certbot
pip install certbot-apache

After completing these steps I was able to successfully renew my certificates with certbot.

answered Jun 24 '17 at 15:43

0x574F4F54

161
5

1

This worked. urllib3 gets confused between the pip installed and the yum installed versions of pyOpenSSL. Removing the yum packages and installing with pip appears to correct this. – scottlimmer Nov 27 '17 at 23:45
After applying those first three commands, I get the followin error: `UnknownExtra: requests 2.6.0 has no such extra feature 'security'` when I execute `$ certbot certonly ...` – Pathros May 16 '19 at 01:57
`yum install openssl-devel python-devel` is actually necessary, at least on the last CentOS 7 system I did this. – kap Jun 23 '21 at 09:45

score 3 · Answer 3 · answered Mar 29 '17 at 08:04

I'm running into the same issue. Using python venv I was able to get certbot working using pip.

Steps: Install virtualenv

pip install virtualenv --upgrade

Create a virtualenv

virtualenv -p /usr/bin/python2.7 certbot

Activate the certbot virtualenv

. /root/certbot/bin/activate

Your prompt might turn into something like this

(certbot) [root@hostname ~]#

Then pip install certbot

pip install certbot

Once complete you can test certbot command under the certbot virtualenv, but this is not practical if you are going to use cron to setup certbot renewals. So deactivate the virtual environment,

(certbot) [root@hostname ~]# deactivate

Now run the certbot command from

/root/certbot/bin/certbot

score 3 · Answer 4 · answered Jan 01 '18 at 01:40

3

The correct fix is:

mv /usr/lib64/python2.7/site-packages/OpenSSL /usr/lib64/python2.7/site-packages/pyOpenSSL

Thanks to cnritng frim github.

answered Jan 01 '18 at 01:40

Tim Duncklee

194
1
12

Did the magic right away. – j4hangir Jan 05 '20 at 13:04
this worked for me too – Ljubisa Livac Jun 07 '20 at 16:28

score 2 · Answer 5 · answered Feb 24 '17 at 01:34

2

This seems to be working for me.

Grab a rpm from here: http://rpm.pbone.net/index.php3/stat/4/idpl/31446026/dir/centos_7/com/pyOpenSSL-0.15.1-1.el7.noarch.rpm.html

wget ftp://ftp.muug.mb.ca/mirror/centos/7.2.1511/cloud/x86_64/openstack-mitaka/common/pyOpenSSL-0.15.1-1.el7.noarch.rpm
sudo rpm -Uvh pyOpenSSL-0.15.1-1.el7.noarch.rpm
sudo yum install certbot

answered Feb 24 '17 at 01:34

user353255

121
2

"ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer." I have encountered this problem and finally resolved by installing 'pyOpenSSL-0.15.1-1.el7.noarch.rpm' – kai.fantasy Mar 03 '17 at 06:52

score 1 · Answer 6 · answered Mar 23 '18 at 17:29

Do not mix yum installed packages via pip ones. The proper fix involves removing pip packages and install everything from yum. I have outlined it here.

You do not need newer pyOpenSSL on CentOS 7 to run certbot!

pip uninstall requests
yum reinstall python-requests

pip uninstall six
yum reinstall python-six

pip uninstall urllib3
yum reinstall python-urllib3

score 0 · Answer 7 · answered Feb 13 '17 at 10:39

0

I had the same problem in 0.9.3. It was caused by installing the nginx plugin.

You can easily reproduce a working installation:

docker run -it --rm centos:centos7 bash yum -y install epel-release yum -y install certbot certbot -h

answered Feb 13 '17 at 10:39

rhoerbe

1
1

any workaround? – chrismarx Feb 23 '17 at 21:33
Don't know where the issue was. I reinstalled the CentOS and it worked now :( – cs378 Mar 20 '17 at 04:35

score 0 · Answer 8 · answered May 31 '17 at 22:20

0

just made it work by running

sudo pip install pyOpenSSL==0.14.0

it removed the 0.13 version and installed the 0.14, then certbot just worked normally.

answered May 31 '17 at 22:20

ignivs

449
5
11

I get the following: `ERROR: Cannot uninstall 'pyOpenSSL'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.` – Pathros May 16 '19 at 01:53

score 0 · Answer 9 · answered Jun 01 '17 at 05:51

0

It seems that the version of the epel source is too old, you can remove the certbot of the yum version and pip install it

answered Jun 01 '17 at 05:51

yingjia

1
1

score -4 · Answer 10 · edited Mar 28 '17 at 17:50

-4

Instead certbot, the letsencrypt client solved for me the problem.

You can remove the other client(s)

pip uninstall certbot
pip uninstall pyopenssl

And then install letsencrypt:

pip install letsencrypt

edited Mar 28 '17 at 17:50

peterh

4,914
13
29
44

answered Mar 28 '17 at 16:21

Alexey K

1

certbot for letsencrypt missing pyopenssl module

10 Answers10