CentOS 7.4.1708 (64bit)
centos 7 yum
sudo certbot --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
output:
Traceback (most recent call last):
File "/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.20.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 572, i n load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2755, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2408, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2414, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 19, in <module>
from certbot import client
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 11, in <module >
from acme import client as acme_client
File "/usr/lib/python2.7/site-packages/acme/client.py", line 32, in <module>
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: i gnore
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 112 , in inject_into_urllib3
_validate_dependencies_met()
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 147 , in _validate_dependencies_met
raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
i excepted it to give me cert but it gave that error. already tried updating pyOpenSSL, but it didnt work
/var/log/letsencrypt
by default. Feel free to redact domains, e-mail and IP addresses as you see fit.Folder doesnt exist
upstream backend {
# the netdata server
server 127.0.0.1:19999;
keepalive 64;
}
server {
# nginx listens to this
listen 80;
# the virtual host name of this
server_name netdata.mydomain.fi;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
}
}
centos-release-7-4.1708.el7.centos.x86_64
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
upgrade pyOpenSSL 0.13.1
from to pyOpenSSL 17.5.0
when downgrade:
sudo pip install pyOpenSSL==0.15.1
same error
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
try pip install --upgrade --force-reinstall 'requests==2.6.0'
Do not mix yum
installed packages via pip
ones. The proper fix involves removing pip packages and install everything from yum
. I have outlined it here.
You do not need newer pyOpenSSL on CentOS 7 to run certbot!
pip uninstall requests
yum reinstall python-requests
pip uninstall six
yum reinstall python-six
pip uninstall urllib3
yum reinstall python-urllib3
This bug still persists in RHEL 7
Traceback (most recent call last):
File "/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.22.2', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 558, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2682, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2355, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2361, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 20, in <module>
from certbot import client
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 13, in <module>
from acme import client as acme_client
File "/usr/lib/python2.7/site-packages/acme/client.py", line 33, in <module>
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 112, in inject_into_urllib3
_validate_dependencies_met()
File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 147, in _validate_dependencies_met
raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.
So aggravating. I'm beginning to hate Centos.
Tried updating pyOpenSSL on CentOS, get the following error:
sudo pip install pyOpenSSL==0.15.1
Collecting pyOpenSSL==0.15.1
Downloading https://files.pythonhosted.org/packages/37/2f/840f2656e4bcf257cb814825bb751a9197ca6f39f1fa036ab111920ac7ef/pyOpenSSL-0.15.1-py2.py3-none-any.whl (102kB)
100% |████████████████████████████████| 112kB 1.9MB/s
Requirement already satisfied: six>=1.5.2 in /usr/lib/python2.7/site-packages (from pyOpenSSL==0.15.1) (1.9.0)
Requirement already satisfied: cryptography>=0.7 in /usr/lib64/python2.7/site-packages (from pyOpenSSL==0.15.1) (2.3.1)
Requirement already satisfied: idna>=2.1 in /usr/lib/python2.7/site-packages (from cryptography>=0.7->pyOpenSSL==0.15.1) (2.7)
Requirement already satisfied: enum34; python_version < "3" in /usr/lib/python2.7/site-packages (from cryptography>=0.7->pyOpenSSL==0.15.1) (1.0.4)
Requirement already satisfied: cffi!=1.11.3,>=1.7 in /usr/lib64/python2.7/site-packages (from cryptography>=0.7->pyOpenSSL==0.15.1) (1.11.5)
Requirement already satisfied: asn1crypto>=0.21.0 in /usr/lib/python2.7/site-packages (from cryptography>=0.7->pyOpenSSL==0.15.1) (0.24.0)
Requirement already satisfied: ipaddress; python_version < "3" in /usr/lib/python2.7/site-packages (from cryptography>=0.7->pyOpenSSL==0.15.1) (1.0.16)
Requirement already satisfied: pycparser in /usr/lib/python2.7/site-packages (from cffi!=1.11.3,>=1.7->cryptography>=0.7->pyOpenSSL==0.15.1) (2.14)
Installing collected packages: pyOpenSSL
Found existing installation: pyOpenSSL 0.13.1
Cannot uninstall 'pyOpenSSL'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
A bit of context: the dist package for pyOpenSSL is at 0.13.1. to uninstall it in order to update it through pip - Yum makes me uninstall certbot. Considering certbot was the whole reason I need to update pyOpenSSL - kind of puts us in a catch 22.
yum info pyOpenSSL
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
For both debugging's sake as well as for the hell of it, I uninstalled the dist pyOpenSSL (and thusly certbot), did a pip install of pyOpenSSL, and reinstalled certbot. Yum overwrote pyOpenSSL 0.15.1 with 0.13.1....and same result when I try to renew with certbot.
I then attempted a sudo pip install --upgrade pyopenssl - and same error message about the distutils installed version.
No workaround today - guess my certs are going to expire then
acme.sh works, I've given up on certbot ;)
Guys, actually found a fix for this. I can't take credit for doing anything other than stumbling upon the article: https://medium.com/@getpagespeed/fix-importerror-pyopenssl-module-missing-required-functionality-e1c514797204
All credit to Danila Vershinin for finding the fix!
I can only add that if you have certbot and aws cli installed then it is very likely to have that issue.
from my quick research it seems that installing system packages as suggested break aws cli. fixing aws cli breaks certbot and etc so not fun really :)
Guys, actually found a fix for this. I can't take credit for doing anything other than stumbling upon the article: https://medium.com/@getpagespeed/fix-importerror-pyopenssl-module-missing-required-functionality-e1c514797204
All credit to Danila Vershinin for finding the fix!
Fix does not work for me - no pip packages installed and all the ones listed yum reports as already installed and up to date.
Regarding having aws cli and certbot on the same system.
It comes down to a conflicting version of urllib3.
awscli-1.16.81
requires urllib3-1.24.1
and python2-certbot-0.27.1-1.el7.noarch.rpm
works with urllib3-1.10.2
.
The newer version gives the aformentioned error.
I cannot get them to work together, even installing awscli
with --user
gives the same issues, as the newer urllib then gets placed in /root/.local/lib
and certbot
goes looking here as well ...
I cannot get them to work together, even installing awscli with --user gives the same issues, as the newer urllib then gets placed in /root/.local/lib and certbot goes looking here as well ...
Had the same problem with conflicting versions of urllib3 after installing aws cli. Eventually, after fixing certbot I installed aws cli using virtualenv.
https://docs.aws.amazon.com/cli/latest/userguide/install-virtualenv.html
Now, certbot and aws cli are both fine.
I also installed awscli using the bundled installer they provide, so that it is self-contained.
https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html
Another way around the the conflict between awscli and certbot is to install python36 and run awscli using it.
Can certbot package not install its python modules in its own environment or be less strict when it comes to version requirements?
Most helpful comment
try
pip install --upgrade --force-reinstall 'requests==2.6.0'