New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

X509 object has no attribute '_x509' #3944

Closed
poing opened this Issue Dec 21, 2016 · 6 comments

Comments

Projects
None yet
4 participants
@poing

poing commented Dec 21, 2016

Certbot has stopped working, again. Normally, a package update via yum fixes whatever changed. But did not help this time.

Seems like something should have been added to the cert. Anyone know how I can resolve this issue?
certbot 0.9.3

CentOS 7 x64 - Linux web4.invite-comm.jp 3.10.0-327.36.3.el7.x86_64 #1 SMP Mon Oct 24 16:09:20 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/foo.web4.invite-comm.jp.conf
-------------------------------------------------------------------------------
Should renew, less than 30 days before certificate expiry 2017-01-09 17:42:00 UTC.
Cert is due for renewal, auto-renewing...
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x307ca10>
Prep: True
Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x307ca10> and installer None
Picked account: <Account(__removed_for_security__)>
Sending GET request to https://acme-staging.api.letsencrypt.org/directory. args: (), kwargs: {}
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Attempting to renew cert from /etc/letsencrypt/renewal/foo.web4.invite-comm.jp.conf produced an unexpected error: 'X509' object has no attribute '_x509'. Skipping.
Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 348, in renew_all_lineages
    main.obtain_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 558, in obtain_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 375, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 190, in __init__
    acme = acme_from_config_key(config, self.account.key)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 42, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 624, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 606, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/adapters.py", line 423, in send
    timeout=timeout
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 350, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 835, in _validate_conn
    conn.connect()
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/packages/urllib3/connection.py", line 330, in connect
    cert = self.sock.getpeercert()
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/packages/urllib3/contrib/pyopenssl.py", line 324, in getpeercert
    'subjectAltName': get_subj_alt_name(x509)
  File "/usr/lib/python2.7/site-packages/requests-2.12.1-py2.7.egg/requests/packages/urllib3/contrib/pyopenssl.py", line 166, in get_subj_alt_name
    cert = _Certificate(openssl_backend, peer_cert._x509)
AttributeError: 'X509' object has no attribute '_x509'
@poing

This comment has been minimized.

Show comment
Hide comment
@poing

poing Dec 21, 2016

I found a fix that got rid of the X509 issue. http://letsencrypt.status.io/ shows planned maintenance, so need to try the renew later.

sudo yum remove python-requests python-urllib3
    Erasing    : certbot-0.9.3-1.el7.noarch
    Erasing    : python2-certbot-0.9.3-1.el7.noarch
sudo pip uninstall requests urllib3
sudo pip install requests==2.11.1 urllib3
sudo yum install certbot

poing commented Dec 21, 2016

I found a fix that got rid of the X509 issue. http://letsencrypt.status.io/ shows planned maintenance, so need to try the renew later.

sudo yum remove python-requests python-urllib3
    Erasing    : certbot-0.9.3-1.el7.noarch
    Erasing    : python2-certbot-0.9.3-1.el7.noarch
sudo pip uninstall requests urllib3
sudo pip install requests==2.11.1 urllib3
sudo yum install certbot
@poing

This comment has been minimized.

Show comment
Hide comment
@poing

poing Dec 21, 2016

Update: Renewal successful and was resolved with the above.

Leaving open for a developer to see and close.

poing commented Dec 21, 2016

Update: Renewal successful and was resolved with the above.

Leaving open for a developer to see and close.

@pde

This comment has been minimized.

Show comment
Hide comment
@pde

pde Dec 21, 2016

Member

OK, closing (I presume the x509 bug you had was due to some python openssl library version issues on your system).

Member

pde commented Dec 21, 2016

OK, closing (I presume the x509 bug you had was due to some python openssl library version issues on your system).

@pde pde closed this Dec 21, 2016

@pde pde added area: pyca and removed area: pyca labels Dec 21, 2016

@pde

This comment has been minimized.

Show comment
Hide comment
@pde

pde Dec 21, 2016

Member

I guess this bug wasn't really with pyopenssl / pyca but with requests having vendored pyopenssl in a buggy way

Member

pde commented Dec 21, 2016

I guess this bug wasn't really with pyopenssl / pyca but with requests having vendored pyopenssl in a buggy way

@zective

This comment has been minimized.

Show comment
Hide comment
@zective

zective Mar 1, 2017

@poing It works for me. Thank you! 👍

zective commented Mar 1, 2017

@poing It works for me. Thank you! 👍

@wnoguchi

This comment has been minimized.

Show comment
Hide comment
@wnoguchi

wnoguchi Mar 10, 2018

works fine. thanks!

wnoguchi commented Mar 10, 2018

works fine. thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment