AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name' #1333

Closed
TheBigBear opened this Issue Nov 4, 2015 · 15 comments

TheBigBear commented Nov 4, 2015

If I run ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth

I only get a:

[root@www letsencrypt]# ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
Updating letsencrypt and virtual environment dependencies...Exception:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/basecommand.py", line 211, in main
    status = self.run(options, args)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/commands/install.py", line 294, in run
    requirement_set.prepare_files(finder)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/req/req_set.py", line 334, in prepare_files
    functools.partial(self._prepare_file, finder))
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/req/req_set.py", line 321, in _walk_req_to_install
    more_reqs = handler(req_to_install)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/req/req_set.py", line 409, in _prepare_file
    req_to_install, finder)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/req/req_set.py", line 365, in _check_skip_installed
    finder.find_requirement(req_to_install, self.upgrade)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/index.py", line 486, in find_requirement
    all_versions = self._find_all_versions(req.name)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/index.py", line 404, in _find_all_versions
    index_locations = self._get_index_urls_locations(project_name)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/index.py", line 378, in _get_index_urls_locations
    page = self._get_page(main_index_url)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/index.py", line 818, in _get_page
    return HTMLPage.get_page(link, session=self.session)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/index.py", line 928, in get_page
    "Cache-Control": "max-age=600",
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/sessions.py", line 477, in get
    return self.request('GET', url, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/download.py", line 373, in request
    return super(PipSession, self).request(method, url, *args, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/sessions.py", line 465, in request
    resp = self.send(prep, **send_kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/cachecontrol/adapter.py", line 46, in send
    resp = super(CacheControlAdapter, self).send(request, **kw)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/adapters.py", line 370, in send
    timeout=timeout
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/connectionpool.py", line 544, in urlopen
    body=body, headers=headers)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/connectionpool.py", line 341, in _make_request
    self._validate_conn(conn)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/connectionpool.py", line 761, in _validate_conn
    conn.connect()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/connection.py", line 238, in connect
    ssl_version=resolved_ssl_version)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/pip-7.1.2-py2.7.egg/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py", line 279, in ssl_wrap_socket
    cnx.set_tlsext_host_name(server_hostname)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1237, in set_tlsext_host_name
    _lib.SSL_set_tlsext_host_name(self._ssl, name)
AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'

Contributor

kuba commented Nov 4, 2015

Your OS? OpenSSL version?

kuba added the more-info label Nov 4, 2015

TheBigBear commented Nov 4, 2015

OS:

[root@www ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.11 (Tikanga)
# This is a "SLES Expanded Support platform release 5.11"
# The above "Red Hat Enterprise Linux Server" string is only used to 
# keep software compatibility.

uname -a:

Linux www.example.com 2.6.18-238.49.1.el5 #1 SMP Thu Mar 14 12:45:00 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux

rpm -qa | grep -i openssl:

[root@www ~]# rpm -qa | grep -i openssl
openssl-0.9.8e-36.el5_11
openssl097a-0.9.7a-12.el5_10.1
pyOpenSSL-0.6-2.el5
openssl-0.9.8e-36.el5_11
openssl-devel-0.9.8e-36.el5_11

TheBigBear commented Nov 6, 2015

OK, I searched some more and found that the cryptography wheel didn't build with error of: "Failed building wheel for cryptography"

./letsencrypt-auto --verbose

Updating letsencrypt and virtual environment dependencies...
Collecting setuptools
  Using cached setuptools-18.5-py2.py3-none-any.whl
Installing collected packages: setuptools
  Found existing installation: setuptools 18.2
    Uninstalling setuptools-18.2:
      Successfully uninstalled setuptools-18.2
Successfully installed setuptools-18.5

<cut some lines>

 Searching for pycparser
  Reading https://pypi.python.org/simple/pycparser/
  Best match: pycparser 2.14
  Downloading https://pypi.python.org/packages/source/p/pycparser/pycparser-2.14.tar.gz#md5=a2bc8d28c923b4fe2b2c3b4b51a4f935
  Processing pycparser-2.14.tar.gz
  Writing /tmp/easy_install-BPnAEB/pycparser-2.14/setup.cfg
  Running pycparser-2.14/setup.py -q bdist_egg --dist-dir /tmp/easy_install-BPnAEB/pycparser-2.14/egg-dist-tmp-2DEPKf
  warning: no previously-included files matching 'yacctab.*' found under directory 'tests'
  warning: no previously-included files matching 'lextab.*' found under directory 'tests'
  warning: no previously-included files matching 'yacctab.*' found under directory 'examples'
  warning: no previously-included files matching 'lextab.*' found under directory 'examples'
  zip_safe flag not set; analyzing archive contents...
  Moving pycparser-2.14-py2.7.egg to /tmp/pip-build-exMrKY/cryptography/.eggs

  Installed /tmp/pip-build-exMrKY/cryptography/.eggs/pycparser-2.14-py2.7.egg
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "/tmp/pip-build-exMrKY/cryptography/setup.py", line 318, in <module>
      **keywords_with_side_effects(sys.argv)
    File "/usr/lib64/python2.7/distutils/core.py", line 111, in setup
      _setup_distribution = dist = klass(attrs)
    File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/setuptools/dist.py", line 272, in __init__
      _Distribution.__init__(self,attrs)
    File "/usr/lib64/python2.7/distutils/dist.py", line 287, in __init__
      self.finalize_options()
    File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/setuptools/dist.py", line 327, in finalize_options
      ep.load()(self, ep.name, value)
    File "/tmp/pip-build-exMrKY/cryptography/.eggs/cffi-1.3.0-py2.7-linux-x86_64.egg/cffi/setuptools_ext.py", line 161, in cffi_modules
      add_cffi_module(dist, cffi_module)
    File "/tmp/pip-build-exMrKY/cryptography/.eggs/cffi-1.3.0-py2.7-linux-x86_64.egg/cffi/setuptools_ext.py", line 48, in add_cffi_module
      execfile(build_file_name, mod_vars)
    File "/tmp/pip-build-exMrKY/cryptography/.eggs/cffi-1.3.0-py2.7-linux-x86_64.egg/cffi/setuptools_ext.py", line 24, in execfile
      exec(code, glob, glob)
    File "src/_cffi_src/build_openssl.py", line 95, in <module>
      extra_link_args=extra_link_args(sys.platform),
    File "/tmp/pip-build-exMrKY/cryptography/src/_cffi_src/utils.py", line 62, in build_ffi_for_binding
      extra_link_args=extra_link_args,
    File "/tmp/pip-build-exMrKY/cryptography/src/_cffi_src/utils.py", line 70, in build_ffi
      ffi = FFI()
    File "/tmp/pip-build-exMrKY/cryptography/.eggs/cffi-1.3.0-py2.7-linux-x86_64.egg/cffi/api.py", line 56, in __init__
      import _cffi_backend as backend
  ImportError: /tmp/pip-build-exMrKY/cryptography/.eggs/cffi-1.3.0-py2.7-linux-x86_64.egg/_cffi_backend.so: failed to map segment from shared object: Operation not permitted

  ----------------------------------------
  Failed building wheel for cryptography

TheBigBear commented Nov 6, 2015

@kuba OK, now I got all the parts building without any errors. But I still end up with the error:

"AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'"

[root@www ~]# git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 22842, done.
remote: Compressing objects: 100% (21/21), done.
remote: Total 22842 (delta 10), reused 0 (delta 0), pack-reused 22821
Receiving objects: 100% (22842/22842), 5.90 MiB | 1.70 MiB/s, done.
Resolving deltas: 100% (15888/15888), done.
[root@www ~]# cd letsencrypt/
[root@www letsencrypt]# sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
[root@www letsencrypt]# virtualenv-2.7 /root/.local/share/letsencrypt
New python executable in /root/.local/share/letsencrypt/bin/python2.7
Also creating executable in /root/.local/share/letsencrypt/bin/python
Installing setuptools, pip, wheel...done.
[root@www letsencrypt]# source /root/.local/share/letsencrypt/bin/activate
(letsencrypt)[root@www letsencrypt]# 
(letsencrypt)[root@www letsencrypt]# ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory --verbose certonly
Updating letsencrypt and virtual environment dependencies...
Collecting setuptools
  Using cached setuptools-18.5-py2.py3-none-any.whl
Installing collected packages: setuptools
  Found existing installation: setuptools 18.2
    Uninstalling setuptools-18.2:
      Successfully uninstalled setuptools-18.2
Successfully installed setuptools-18.5
Requirement already up-to-date: pip in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Collecting letsencrypt
  Using cached letsencrypt-0.0.0.dev20151104-py2-none-any.whl
Collecting letsencrypt-apache
  Using cached letsencrypt_apache-0.0.0.dev20151104-py2-none-any.whl
Collecting ConfigArgParse from git+https://github.com/kuba/ConfigArgParse.git@python2.6-0.9.3#egg=ConfigArgParse (from -r py26reqs.txt (line 1))
  Cloning https://github.com/kuba/ConfigArgParse.git (to python2.6-0.9.3) to /tmp/pip-build-_Wxw5Z/ConfigArgParse
Collecting zope.interface (from letsencrypt)
Requirement already up-to-date: setuptools in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Collecting python2-pythondialog>=3.2.2rc1 (from letsencrypt)
Collecting PyOpenSSL (from letsencrypt)
  Using cached pyOpenSSL-0.15.1-py2.py3-none-any.whl
Collecting requests (from letsencrypt)
  Using cached requests-2.8.1-py2.py3-none-any.whl
Collecting parsedatetime (from letsencrypt)
  Using cached parsedatetime-1.5-py2-none-any.whl
Collecting configobj (from letsencrypt)
Collecting pytz (from letsencrypt)
  Using cached pytz-2015.7-py2.py3-none-any.whl
Collecting psutil>=2.1.0 (from letsencrypt)
Collecting six (from letsencrypt)
  Using cached six-1.10.0-py2.py3-none-any.whl
Collecting cryptography>=0.7 (from letsencrypt)
Collecting zope.component (from letsencrypt)
Collecting mock (from letsencrypt)
  Using cached mock-1.3.0-py2.py3-none-any.whl
Collecting acme==0.0.0.dev20151104 (from letsencrypt)
  Using cached acme-0.0.0.dev20151104-py2-none-any.whl
Collecting pyrfc3339 (from letsencrypt)
Collecting python-augeas (from letsencrypt-apache)
Collecting enum34 (from cryptography>=0.7->letsencrypt)
Collecting ipaddress (from cryptography>=0.7->letsencrypt)
  Using cached ipaddress-1.0.14-py27-none-any.whl
Collecting pyasn1>=0.1.8 (from cryptography>=0.7->letsencrypt)
  Using cached pyasn1-0.1.9-py2.py3-none-any.whl
Collecting idna>=2.0 (from cryptography>=0.7->letsencrypt)
  Using cached idna-2.0-py2.py3-none-any.whl
Collecting cffi>=1.1.0 (from cryptography>=0.7->letsencrypt)
Collecting zope.event (from zope.component->letsencrypt)
Collecting funcsigs (from mock->letsencrypt)
  Using cached funcsigs-0.4-py2.py3-none-any.whl
Collecting pbr>=0.11 (from mock->letsencrypt)
  Using cached pbr-1.8.1-py2.py3-none-any.whl
Collecting ndg-httpsclient (from acme==0.0.0.dev20151104->letsencrypt)
Collecting werkzeug (from acme==0.0.0.dev20151104->letsencrypt)
  Using cached Werkzeug-0.10.4-py2.py3-none-any.whl
Collecting pycparser (from cffi>=1.1.0->cryptography>=0.7->letsencrypt)
Installing collected packages: zope.interface, python2-pythondialog, six, enum34, ipaddress, pyasn1, idna, pycparser, cffi, cryptography, PyOpenSSL, requests, ConfigArgParse, parsedatetime, configobj, pytz, psutil, zope.event, zope.component, funcsigs, pbr, mock, ndg-httpsclient, werkzeug, pyrfc3339, acme, letsencrypt, python-augeas, letsencrypt-apache
  Running setup.py install for ConfigArgParse
Successfully installed ConfigArgParse-0.9.3 PyOpenSSL-0.15.1 acme-0.0.0.dev20151104 cffi-1.3.0 configobj-5.0.6 cryptography-1.1 enum34-1.0.4 funcsigs-0.4 idna-2.0 ipaddress-1.0.14 letsencrypt-0.0.0.dev20151104 letsencrypt-apache-0.0.0.dev20151104 mock-1.3.0 ndg-httpsclient-0.4.0 parsedatetime-1.5 pbr-1.8.1 psutil-3.2.2 pyasn1-0.1.9 pycparser-2.14 pyrfc3339-0.2 python-augeas-0.5.0 python2-pythondialog-3.3.0 pytz-2015.7 requests-2.8.1 six-1.10.0 werkzeug-0.10.4 zope.component-4.2.2 zope.event-4.1.0 zope.interface-4.1.3
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory --verbose certonly
Version: 1.0-20051107

┌──────────────────────────────────────────────────────────────────────┐
│ Saving debug log to /var/log/letsencrypt/letsencrypt.log             │
└──────────────────────────────────────────────────────────────────────┘

Version: 1.0-20051107

┌──────────────────────────────────────────────────────────────────────┐
│ Enter email address (used for urgent notices and lost key recovery)  │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │xxxxxx.yyyyyyy@gmail.com                                                 │ │
│ └──────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────┤
│                     <  OK  >           <Cancel>                      │
└──────────────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────────┐
│ Saving debug log to /var/log/letsencrypt/letsencrypt.log             │
│ Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org      │
└──────────────────────────────────────────────────────────────────────┘
An unexpected error occurred.
AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'
Please see the logfiles in /var/log/letsencrypt for more details.

TheBigBear commented Nov 10, 2015

@kuba, OK, so how do I get past this error "AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'"?
Do you need any more info from me?

Contributor

bmw commented Nov 10, 2015

@TheBigBear, can you include the logs from the run where you saw AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'? If you don't want to look through the different log files, assuming you're getting the same error, just run the client again with -vv --debug -t on the command line and include the output here.

antmd commented Nov 10, 2015

I just encountered the same issue with AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'. It looks like SSL_set_tlsext_host_name was introduced in 0.9.8f of OpenSSL (see https://www.openssl.org/news/cl098.txt). Unfortunately CentOS 5 (which my VPS is on) has 0.9.8e in yum. I guess I need to look at building 0.9.8f myself.
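
The version reasoning above can be checked mechanically. This is an added example, not part of the original comment or the project's code: it parses `rpm -qa` package lines like those posted earlier in the thread, compares each OpenSSL library version against the 0.9.8f threshold, and reports what the running interpreter exposes. `OpenSSL._util.lib` is a private pyOpenSSL detail and its use here is an assumption; the function names are hypothetical.

```python
import re
import ssl

# Per the OpenSSL 0.9.8 changelog cited in the thread, SNI support
# (SSL_set_tlsext_host_name and related calls) first appears in 0.9.8f.
SNI_MIN_VERSION = (0, 9, 8, "f")

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")
# Library packages only: openssl, openssl097a, openssl101e. This excludes
# -devel subpackages and the pyOpenSSL wrapper.
_LIB_PACKAGE_RE = re.compile(r"^openssl(\d+[a-z]?)?$")

# Package lines as posted in the thread (rpm -qa | grep -i openssl).
SAMPLE_RPM_LISTING = """\
openssl-0.9.8e-36.el5_11
openssl097a-0.9.7a-12.el5_10.1
pyOpenSSL-0.6-2.el5
openssl-0.9.8e-36.el5_11
openssl-devel-0.9.8e-36.el5_11
"""


def parse_openssl_version(text):
    """Return (major, minor, fix, letter) from '0.9.8e' or 'OpenSSL 1.0.1e ...'."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, fix, letter = match.groups()
    return (int(major), int(minor), int(fix), letter)


def version_has_sni(version):
    """Tuple comparison orders 0.9.8 < 0.9.8e < 0.9.8f < 0.9.8za < 1.0.1e."""
    return version >= SNI_MIN_VERSION


def audit_rpm_listing(listing):
    """Map each installed OpenSSL library package to (version, has_sni)."""
    results = {}
    for line in listing.splitlines():
        parts = line.strip().rsplit("-", 2)  # name-version-release
        if len(parts) != 3:
            continue
        name, version_text, _release = parts
        if not _LIB_PACKAGE_RE.match(name):
            continue
        version = parse_openssl_version(version_text)
        if version is not None:
            results[name] = (version_text, version_has_sni(version))
    return results


def runtime_sni_report():
    """Report what the running interpreter's TLS bindings expose.

    A new enough version number is necessary but a build can still omit
    the extension, so the attribute checks here are the authoritative ones.
    """
    report = {
        "openssl_version": ssl.OPENSSL_VERSION,
        "stdlib_has_sni": getattr(ssl, "HAS_SNI", False),
        "pyopenssl_has_sni": None,  # None means pyOpenSSL could not be imported
    }
    try:
        # Assumption: private pyOpenSSL module holding the binding object
        # that SSL.py calls as _lib in the traceback.
        from OpenSSL._util import lib
        report["pyopenssl_has_sni"] = hasattr(lib, "SSL_set_tlsext_host_name")
    except Exception:
        # A mismatched binding can fail at import in several ways.
        pass
    return report


if __name__ == "__main__":
    for name, (version, has_sni) in sorted(audit_rpm_listing(SAMPLE_RPM_LISTING).items()):
        print("%-12s %-8s SNI: %s" % (name, version, "yes" if has_sni else "no"))
    for key, value in sorted(runtime_sni_report().items()):
        print("%s = %r" % (key, value))
```
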

antmd commented Nov 10, 2015

FYI, I couldn't upgrade SSL easily, so I made the following workaround:

cd ~/.local/share/letsencrypt
. bin/activate
pip uninstall pyopenssl
pip install pyopenssl==0.12

Then I edited ~/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/SSL.py and commented out the line mentioning set_tlsext_host_name (line 1237), and did the same for ~/.local/share/letsencrypt/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py (line 279).

After that everything worked.

TheBigBear commented Nov 10, 2015

@antmd thanks for your hint. I tried following your example, but I now get:

Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib64/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/usr/lib64/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/lib64/python2.7/SocketServer.py", line 238, in serve_forever
    self._handle_request_noblock()
  File "/usr/lib64/python2.7/SocketServer.py", line 290, in _handle_request_noblock
    request, client_address = self.get_request()
  File "/usr/lib64/python2.7/SocketServer.py", line 467, in get_request
    return self.socket.accept()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/crypto_util.py", line 89, in accept
    context.set_tlsext_servername_callback(self._pick_certificate_cb)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1007, in set_tlsext_servername_callback
    _lib.SSL_CTX_set_tlsext_servername_callback(
AttributeError: 'module' object has no attribute 'SSL_CTX_set_tlsext_servername_callback'

Failed authorization procedure. www.cservices.org.uk (tls-sni-01): connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge

IMPORTANT NOTES:
 - The following 'connection' errors were reported by the server:

   Domains: www.example.com
   Error: The server could not connect to the client for DV

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client.
(letsencrypt)[root@www letsencrypt-plesk]# 

Any ideas?

Member

pde commented Nov 11, 2015

Realistically, support for very old operating systems is never going to be an objective for the Let's Encrypt python client. You may be able to get certs using a different client (such as the minimalist JavaScript one here), though we can't provide assistance in making that work. Or spin up a more modern OS :)

pde closed this Nov 11, 2015

pde added wontfix and removed more-info labels Nov 11, 2015

TheBigBear commented Nov 11, 2015

@pde thanks for your help. I do appreciate your pointer to the light-weight 'js' client.

Not sure things look too good for letsencrypt with this sort of attitude and outlook on major numbers of potential clients.

RHEL 5 may be 'very old' but it is an enterprise level OS and between RHEL/CENTOS and all the other clones this is a huge part of the internet you turn your back on.

Red Hat (and SUSE and Oracle and others) that provide Enterprise Linux distros typically support them for 10+ years. And that is also what a lot of hosters out there use, they are new for a while, but eventually all become 'very old'.

I would have expected for letsencrypt to try to cater for the main active and supported Windows and Linux distros out there.

Contributor

gene1wood commented Feb 16, 2016

RHEL 5 is currently in its Production 3 phase which continues through March 31, 2017.

I guess I'll try @antmd's suggested workaround.

dcaravana commented Feb 16, 2016

Agree with @TheBigBear but let's give time to this project since it's quite new.

@pde the end goal of this project and similar ones is to make the Internet a more secure place now so it should adapt to the current reality not to a supposed future one.

In any case, another workaround since I've got a CentOS 5 server which I cannot upgrade: I've forwarded TCP port 443 from server to my Mac through a private VPN and run letsencrypt in standalone mode as described in the docs https://letsencrypt.readthedocs.org/en/latest/using.html#standalone.

In any case, thanks for your hard work that, incredibly enough, made this project real!

zjw commented Oct 2, 2016

For the record, certbot-auto can be made to work on CentOS 5. To get set up, do the following (some of these steps may be unnecessary, depending on what you have already done in the past):

rm -rf ~/.local/share/letsencrypt/
yum install epel-release
yum install python26 python26-devel openssl101e openssl101e-devel
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

You will also need to edit /etc/httpd/conf.d/ssl.conf and remove or comment-out the VirtualHost section in it.

Then use the following command whenever you want to invoke certbot-auto (if your system is 32 bit, then substitute lib for lib64):

LE_PYTHON=python26 CFLAGS="-I/usr/include/openssl101e" LDFLAGS="-L/usr/lib64/openssl101e" ./certbot-auto -t -a webroot -i apache

The CFLAGS and LDFLAGS environment variables are only used when certbot-auto upgrades itself to a newer version, but since you don't know when that might happen, they need to always be in the environment.

Text mode (-t) is needed because the curses UI makes use of a dselect dialog box which only became available with dialog 1.1 (CentOS 5 has dialog 1.0). webroot authentication must be used because the installed httpd and its mod_ssl don't support SNI.

It is possible to use multiple name-based virtual hosts on a single port, so long as you are willing to have them all share a single certificate that lists each of the hosts as an alt. name.

When invoked, certbot-auto emits a deprecation warning about python 2.6. You can silence that by creating /usr/lib64/python2.6/sitecustomize.py with this:

import warnings
warnings.filterwarnings("ignore", ".*A future version of cryptography will drop support for Python 2.6", DeprecationWarning, "cryptography")
# Use this instead if you don't want any deprecations:
# warnings.simplefilter("ignore", DeprecationWarning)

It is possible to run certbot-auto as a normal user, and it will try to use sudo as it needs to. One problem, though, is that it needs to invoke apachectl which is located in /usr/sbin. Unless you take steps to assure that /usr/sbin is in the PATH variable inside the sudo environment, the invocation will fail, claiming that the apache plugin is not working. An example of a possible solution would be to add some variation of the following (depending on your security requirements) to /etc/sudoers (using visudo):

%wheel  ALL=(ALL)       NOPASSWD: ALL
Defaults:%wheel    !env_reset

Then add the normal user to group 'wheel'. Then add PATH="$PATH:/usr/sbin" as an additional environment variable when invoking certbot-auto.
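
The sudoers lines in the comment above trade a lot of privilege for a PATH entry. This is an added example, not part of the original comment: a small check that flags those two settings and shows a constructed alternative that keeps env_reset and puts /usr/sbin into secure_path instead. It assumes the installed sudo accepts secure_path as a Defaults option; the function and rule names are hypothetical.

```python
import re

# The two lines from the comment above.
THREAD_SUDOERS = """\
%wheel  ALL=(ALL)       NOPASSWD: ALL
Defaults:%wheel    !env_reset
"""

# Constructed alternative: env_reset stays on, a password is still required,
# and /usr/sbin (where apachectl lives) is added through secure_path.
TIGHTER_SUDOERS = """\
Defaults    env_reset
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
%wheel  ALL=(ALL)       ALL
"""


def audit_sudoers(text):
    """Return (findings, secure_path_dirs) for sudoers-style text.

    findings is a list of (line_number, rule_id, message) tuples.
    """
    findings = []
    secure_path = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        defaults = re.match(r"Defaults\S*\s+(.*)", line)
        if defaults:
            settings = defaults.group(1)
            if re.search(r"!\s*env_reset\b", settings):
                findings.append((
                    lineno, "ENV_RESET_OFF",
                    "env_reset is disabled: the caller's environment is "
                    "passed to commands run as root; set secure_path instead"))
            path = re.search(r'secure_path\s*=\s*"?([^"\s]+)', settings)
            if path:
                secure_path = path.group(1).split(":")
            continue
        # \b keeps an alias such as ALLOWED_CMDS from matching.
        if re.search(r"NOPASSWD:\s*ALL\b", line):
            findings.append((
                lineno, "NOPASSWD_ALL",
                "passwordless sudo for every command: require a password "
                "or list only the commands that need it"))
    return findings, secure_path


def summarize(text):
    """Rule ids found, plus whether sudo's PATH would include /usr/sbin."""
    findings, secure_path = audit_sudoers(text)
    return [rule for _, rule, _ in findings], "/usr/sbin" in secure_path


if __name__ == "__main__":
    for label, text in (("thread", THREAD_SUDOERS), ("tighter", TIGHTER_SUDOERS)):
        rules, has_usr_sbin = summarize(text)
        print("%s: findings=%s secure_path has /usr/sbin=%s"
              % (label, rules, has_usr_sbin))
```
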

miqmago commented Feb 18, 2018

I could solve this problem by executing the following commands on Ubuntu 16 (from #1968 (comment)):

$ sudo easy_install --upgrade pip
...
Installed /usr/lib/python2.7/site-packages/pip-9.0.1-py2.7.egg
Processing dependencies for pip
Finished processing dependencies for pip

$ sudo pip uninstall requests
...
  Successfully uninstalled requests-1.1.0

$ sudo pip install requests
...
Successfully installed requests-2.12.4

$ pip install --upgrade pyOpenSSL

Last line from andresriancho/w3af#15260 (comment) upgraded pyOpenSSL and I could have the fun again
