Amazon Linux AMI: Cerbot can't find python dependencies

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: haythere.lindseyforwarders.com

I ran this command:

sudo ./certbot-auto renew

It produced this output:

Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in <module>
    from certbot._internal import main as internal_main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography

My web server is (include version):

 NAME="Amazon Linux AMI"
 VERSION="2018.03"
 ID="amzn"
 ID_LIKE="rhel fedora"
 VERSION_ID="2018.03"
 PRETTY_NAME="Amazon Linux AMI 2018.03"
 ANSI_COLOR="0;33"
 CPE_NAME="cpe:/o:amazon:linux:2018.03:ga"
 HOME_URL="http://aws.amazon.com/amazon-linux-ami/"

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Running ./certbot-auto --version produces the same error as above
Not sure what the version is but I ran “wget https://dl.eff.org/certbot-auto” within the last week to download certbot. I had used letsencrypt to install certs for nginx a few months back and everything worked just fine. Now the cert is expiring in 10 days and when I went to run the renew command I get the above errors due to missing python dependencies. I have pip installed these dependencies including cryptography and for some reason they are not recognized.

I’m not sure what went wrong nor how to fix that.
I would recommend deleting that version and download a fresh copy.

Thanks for your reply.
I failed to mention that I installed the cert the first time with letsencrypt not certbot and when I fist tried to renew the cert it gave me the same error. I’m thinking that its not something wrong with my certbot or letsencrypt but python itself. Would reinstalling python work? I looked around to learn how to fully remove python an reinstall but didn’t find too much help.

Probably not.
Certbot-auto handles all of its' own requirements.

I was not aware of that. I will try to reinstall certbot. I have see other people with problems on Amazon Linux and haven’t found too many solution so I’m a little worried. I’ll reinstall and see what happens

Try deleting /opt/eff.org/certbot and running certbot-auto again.

As already mentioned, certbot-auto manages its own dependencies inside a virtual environment.

If something has gone wrong in the venv, deleting it is a pretty safe “reset button”, as it will be regenerated from scratch the next time.

Ok, so I did everything you both suggested:

user@webserver:~$ wget https://dl.eff.org/certbot-auto
user@webserver:~$ sudo mv certbot-auto /usr/local/bin/certbot-auto
user@webserver:~$ sudo chown root /usr/local/bin/certbot-auto
user@webserver:~$ chmod 0755 /usr/local/bin/certbot-auto
user@webserver:~$ /usr/local/bin/certbot-auto --help

and deleting /opt/eff.org/certbot

I still got missing dependencies errors, however this time I was able to create simlinks to some of the correct packages in my python2.7 site-packages
These two were successful and the errors went away but I started having issues finding the correct packages.

sudo ln -s /usr/local/lib64/python2.7/site-packages/cryptography /opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/cryptography
sudo ln -s /usr/local/lib64/python2.7/site-packages/_cffi_backend.so  /opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/_cffi_backend.so

Also, I have no idea how many dependencies I will have to manually fix. I’m a little discouraged because it does manage its own dependencies so is there just something wrong with this version of certbot?

thanks for your help

If blowing away the virtual environment didn't help, I don't think there's much more you can do to make it work out of the box.

This comment from the Certbot developers suggests that Amazon Linux 1 is unsupported: Amazon Linux certbot ImportError: No module named cryptography · Issue #7049 · certbot/certbot · GitHub . YMMV with workarounds.

It may be easier to, for now, choose another client, like acme.sh.

In which order did you do the steps?

That makes it sound like the delete came last...

Still gives the same error on amazon linux. I have tried and tested all the steps outlined in this thread before my post and none of them are working for me. I am not sure what is wrong with this certbot utility. I took a fresh git clone of the repository and tried it and still it didn't work. When I try to install cryptography it tells me to upgrade pip

pip install cryptography
Requirement already satisfied: cryptography in /usr/lib64/python2.7/dist-packages
Requirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/lib64/python2.7/dist-packages (from cryptography)
Requirement already satisfied: six>=1.4.1 in /usr/lib/python2.7/dist-packages (from cryptography)
Requirement already satisfied: ipaddress; python_version < "3" in /usr/lib/python2.7/dist-packages (from cryptography)
Requirement already satisfied: enum34; python_version < "3" in /usr/lib/python2.7/dist-packages (from cryptography)
Requirement already satisfied: pycparser in /usr/lib/python2.7/dist-packages (from cffi!=1.11.3,>=1.8->cryptography)
You are using pip version 9.0.3, however version 19.3.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

So I downloaded certbot executable from using below command.

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
/usr/local/bin/certbot-auto --help
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in
from certbot.main import main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in
from certbot._internal import main as internal_main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in
import josepy as jose
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/init.py", line 41, in
from josepy.interfaces import JSONDeSerializable
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in
from josepy import errors, util
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in
import OpenSSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in
from cryptography import x509
ImportError: No module named cryptography
rm -rf eff.org/*

/usr/local/bin/certbot-auto --no-bootstrap
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in
from certbot.main import main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 2, in
from certbot._internal import main as internal_main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py", line 10, in
import josepy as jose
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/init.py", line 41, in
from josepy.interfaces import JSONDeSerializable
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in
from josepy import errors, util
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in
import OpenSSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in
from cryptography import x509
ImportError: No module named cryptography

And it didn't work either. I am not sure what to do now. I am stuck with my website not working state.

I would switch to another client - like: acme.sh

Thanks, Seems like the thing to do. I will try that I let everyone know how it goes.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.