10

I need help setting up the CertBot for LetsEncrypt

I am running on CentOS 7 with Python 2.7

When I run certbot I get the following error:

[root@li86-193 frappe-bench]#certbot certonly --manual

Traceback (most recent call last):
  File "/usr/bin/certbot", line 7, in <module>
    from certbot.main import main
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 21, in <module>
    from certbot import client
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 10, in <module>
    from acme import client as acme_client
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 31, in <module>
    requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3()
  File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 112, in inject_into_urllib3
    _validate_dependencies_met()
  File "/usr/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 147, in _validate_dependencies_met
    raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.

[root@li86-193 frappe-bench]# pip show certbot
Name: certbot
Version: 0.11.1
Summary: ACME client
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
Author-email: client-dev@letsencrypt.org
License: Apache License 2.0
Location: /usr/lib/python2.7/site-packages
Requires: ConfigArgParse, configobj, zope.component, pytz, setuptools, cryptography, zope.interface, pyrfc3339, mock, parsedatetime, six, acme, PyOpenSSL

[root@li86-193 frappe-bench]# pip show pyopenssl
Name: pyOpenSSL
Version: 16.2.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.readthedocs.io/
Author: Hynek Schlawack
Author-email: hs@ox.cx
License: Apache License, Version 2.0
Location: /usr/lib/python2.7/site-packages
Requires: six, cryptography

Please help out

Thank you

MadHatter
cs378
  • Please fix your post to be readable, the tracebacks are all messed up... Also, please include how you installed certbot, what you've done to try and get it to work so far and any information that might actually help us understand **why** you're getting this error. – Ginnungagap Feb 02 '17 at 23:49
  • Please see my comment for the solution using virtualenv – Danie Mar 29 '17 at 08:05

10 Answers

7

Don't try to install certbot manually on CentOS/RHEL systems. It just makes a huge mess. Instead, install it from EPEL.

yum install epel-release
yum install certbot
Michael Hampton
  • 1
    I installed from the epel, and am still getting the same problem – chrismarx Feb 23 '17 at 21:34
  • 8
    I run the EPEL certbot package and resolved this issue. Something else on my system had updated the 'requests' library to the latest (2.13.0 as of this writing), but the RPM that is installed as a dependency for certbot is 2.6.0. Compare versions for `pip list 2>/dev/null | grep requests` and `rpm -q python-requests --queryformat '%{VERSION}\n'`. If they're different, try `pip install --upgrade --force-reinstall 'requests==2.6.0'`. – Alan Ivey Apr 13 '17 at 17:08
4

I experienced this same issue twice on 2 separate CentOS 7 systems in the last 2 months. This is what worked for me:

  • yum remove pyOpenSSL [This will remove certbot installed via epel]
  • yum install openssl-devel python-devel [May or may not actually be necessary]
  • pip install certbot
  • pip install certbot-apache

After completing these steps I was able to successfully renew my certificates with certbot.

0x574F4F54
  • 1
    This worked. urllib3 gets confused between the pip installed and the yum installed versions of pyOpenSSL. Removing the yum packages and installing with pip appears to correct this. – scottlimmer Nov 27 '17 at 23:45
  • After applying those first three commands, I get the following error: `UnknownExtra: requests 2.6.0 has no such extra feature 'security'` when I execute `$ certbot certonly ...` – Pathros May 16 '19 at 01:57
  • `yum install openssl-devel python-devel` is actually necessary, at least on the last CentOS 7 system I did this. – kap Jun 23 '21 at 09:45
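
The comments above attribute the error to a pip-installed and a yum-installed pyOpenSSL coexisting. As an added example (not code from any poster), this Python sketch lists every copy of a package on the import path, first hit first, so the copy that `import OpenSSL` really loads can be compared with what `pip show` reports. The sample directory layout is constructed, and the lib64-before-lib ordering is an assumption.

```python
import os
import re
import sys
import tempfile

# Metadata names look like pyOpenSSL-16.2.0.dist-info or
# pyOpenSSL-0.13-py2.7.egg-info (file or directory).
META_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.]+)-(?P<ver>[^-]+)(?:-py[\d.]+)?\.(?:egg|dist)-info$")


def find_copies(dist_name, import_name, search_path=None):
    """List (directory, version) for each path entry holding the package.

    Entries come back in import order, so element 0 is the copy that
    `import <import_name>` actually loads; later ones are shadowed.
    """
    copies = []
    for entry in (sys.path if search_path is None else search_path):
        if not os.path.isdir(entry):
            continue
        names = os.listdir(entry)
        if import_name not in names and import_name + ".py" not in names:
            continue
        version = None  # stays None when no metadata sits beside the package
        for name in names:
            m = META_RE.match(name)
            if m and m.group("name").lower() == dist_name.lower():
                version = m.group("ver")
        copies.append((entry, version))
    return copies


def is_shadowed(copies):
    """True when several copies exist and their versions differ."""
    return len(set(v for _, v in copies)) > 1


def build_sample():
    """Constructed layout: old copy in lib64, newer pip copy in lib."""
    root = tempfile.mkdtemp()
    layout = [("lib64", "pyOpenSSL-0.13-py2.7.egg-info"),
              ("lib", "pyOpenSSL-16.2.0.dist-info")]
    path = []
    for sub, meta in layout:
        site = os.path.join(root, sub, "python2.7", "site-packages")
        os.makedirs(os.path.join(site, "OpenSSL"))
        open(os.path.join(site, meta), "w").close()
        path.append(site)
    return path


if __name__ == "__main__":
    for directory, version in find_copies("pyOpenSSL", "OpenSSL", build_sample()):
        print("%s %s" % (directory, version))
```

On a real host, call `find_copies("pyOpenSSL", "OpenSSL")` with no third argument to scan the interpreter's own `sys.path`.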
3

I'm running into the same issue. Using python venv I was able to get certbot working using pip.

Steps: Install virtualenv

pip install virtualenv --upgrade

Create a virtualenv

virtualenv -p /usr/bin/python2.7 certbot

Activate the certbot virtualenv

. /root/certbot/bin/activate

Your prompt might turn into something like this

(certbot) [root@hostname ~]#

Then pip install certbot

pip install certbot

Once complete, you can test the certbot command under the certbot virtualenv, but this is not practical if you are going to use cron to set up certbot renewals. So deactivate the virtual environment:

(certbot) [root@hostname ~]# deactivate

Now run the certbot command from

/root/certbot/bin/certbot
Danie
3

The correct fix is:

mv /usr/lib64/python2.7/site-packages/OpenSSL /usr/lib64/python2.7/site-packages/pyOpenSSL

Thanks to cnritng from GitHub.

Tim Duncklee
2

This seems to be working for me.

Grab a rpm from here: http://rpm.pbone.net/index.php3/stat/4/idpl/31446026/dir/centos_7/com/pyOpenSSL-0.15.1-1.el7.noarch.rpm.html

wget ftp://ftp.muug.mb.ca/mirror/centos/7.2.1511/cloud/x86_64/openstack-mitaka/common/pyOpenSSL-0.15.1-1.el7.noarch.rpm
sudo rpm -Uvh pyOpenSSL-0.15.1-1.el7.noarch.rpm
sudo yum install certbot
user353255
  • "ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer." I have encountered this problem and finally resolved by installing 'pyOpenSSL-0.15.1-1.el7.noarch.rpm' – kai.fantasy Mar 03 '17 at 06:52
1

Do not mix yum-installed packages with pip-installed ones. The proper fix involves removing the pip packages and installing everything from yum. I have outlined it here.

You do not need newer pyOpenSSL on CentOS 7 to run certbot!

pip uninstall requests
yum reinstall python-requests

pip uninstall six
yum reinstall python-six

pip uninstall urllib3
yum reinstall python-urllib3
Danila Vershinin
0

I had the same problem in 0.9.3. It was caused by installing the nginx plugin.

You can easily reproduce a working installation:

docker run -it --rm centos:centos7 bash
yum -y install epel-release
yum -y install certbot
certbot -h

rhoerbe
0

Just made it work by running

sudo pip install pyOpenSSL==0.14.0

it removed the 0.13 version and installed the 0.14, then certbot just worked normally.

ignivs
  • I get the following: `ERROR: Cannot uninstall 'pyOpenSSL'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.` – Pathros May 16 '19 at 01:53
0

It seems that the version in the EPEL source is too old; you can remove the yum version of certbot and install it with pip.

yingjia
-4

Instead of certbot, the letsencrypt client solved the problem for me.

You can remove the other client(s)

pip uninstall certbot
pip uninstall pyopenssl

And then install letsencrypt:

pip install letsencrypt
peterh