-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
InsecurePlatformWarning #1883
Comments
It should only be an issue because ubuntu ships with python 2.7.6 while urllib issues that warning on anything below 2.7.9, updating python2 should fix it.
|
That's strange. I just ran |
Ubuntu repos have an older version, try running |
Yep, there it is. Does that mean these instructions will over write the older version assuming you replaced |
So you either run unofficial or update by building the source... that's a pain. Is there any reason
|
I suppose an |
It shouldn't be a python2 and python3 conflict since |
What would the syntax for that look like? Additionally, that would require |
@devster31 @pde I was poking around the other open issues and it looks like this may be a duplicate of #1623? Thoughts or comments? |
I think it's a duplicate if you only get the warning during the initial run, if I understood correctly I don't think there's a way to avoid that besides suppressing warnings as suggested in #1623. However further warnings during normal letsencrypt operations should be fixed separately using something like what's already in acme/acme/client.py: # Prior to Python 2.7.9 the stdlib SSL module did not allow a user to configure
# many important security related options. On these platforms we use PyOpenSSL
# for SSL, which does allow these options to be configured.
# https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning
if sys.version_info < (2, 7, 9): # pragma: no cover
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() which would be the best solution possible. PyOpenSSL is already a dependency and is installed during the bootstrap process, so the fix would be to add the above lines wherever requests is imported. |
Mm.. who could do something like that? Admittedly, I know not how to write Python. :/ Would suppressing the warning still allow certificates to be deployed, or would more runtime errors occur later on down the road? I'm writing a tutorial about Let's Encrypt and I'm on the fence about telling readers to suppress warnings. :/ |
There's a discussion with a pull request about suppressing warnings during the installation, I already linked it in the previous comment. It shouldn't cause any problems with the process besides the security vulnerabilities. |
Got'cha. I will stay on the lookout. Thanks for conversing with me on the matter! :) |
Once we land the new |
I was messing around with
Anything I can do? Cannot obtain/renew any certificates currently. |
+1 have same issue on Ubuntu 14.04, which comes with default Python 2.7.6 After fail, I was trying to install pyOpenSSL with: /root/.local/share/letsencrypt/bin/pip install pyopenssl ndg-httpsclient pyasn1 But there is some issue with compiling
|
I guess the problem is that
|
The problem appeared to be in lack of memory, adding swap fixed the issue for me: fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile |
@alexkravets I am having trouble understanding how adding SWAP memory fixes a Python dependency issue. Elaborate, please! |
@seanthewebber python dependency is fail to compile due to lack of memory |
@alexkravets Oohhh. So
|
@seanthewebber It worked with 1Gb in swap for me, but that depends how much free memory you have on the server. No need to install any dependencies by hands after adding swap, just run |
@alexkravets Sorry for not replying until now. Just confirmed that adding 1GB SWAP like you said fixes the problem. I was able to obtain a certificate a moment ago. Thanks for the help! Solution: ACME client must run on a host with < 2GB of combined RAM and SWAP. Moving forward... this could be a roadblock for low power embedded + IoT devices (like routers). Is there any reason the client has to compile these libraries? Could the libraries be download and installed pre-compiled? |
This was actually closed in #2608 AFAICT. |
still happening on Ubuntu 14.04
|
@LorenzoBoccaccia and Ubuntu 16.04 too |
On Ubuntu 16.04 I had to install |
See if you still get the problem now. #3334 which caused the primary error in the log above has been resolved. |
@eyedol Does the native |
@seanthewebber I didn't try with |
@seanthewebber the package is only available for 16.04 currently |
This definitely affected one of my sites:
|
On Digital Ocean: Reboot fixed it per this thread: |
I believe this should be fixed in recent versions of Certbot and |
➜ dehydrated git:(master) ✗ python --version ➜ certbot git:(master) ./letsencrypt-auto |
./letsencrypt-auto
is generating an InsecurePlatformWarning on Ubuntu 14.04 LTS.This looks like a conflict betweenWhat is the proper way to resolve this conflict and how can we implement a fix to eliminate a custom workaround?python
andpython3
?Terminal excerpt:
The text was updated successfully, but these errors were encountered: