Cannot enable executable stack as shared object requires: Invalid argument error

When executes the command sudo ./letsencrypt-auto -a manual certonly appears this error:

Error: couldn’t get currently installed version for /home/mabg/.local/share/letsencrypt/bin/letsencrypt:
Traceback (most recent call last):
File “/home/mabg/.local/share/letsencrypt/bin/letsencrypt”, line 7, in
from certbot.main import main
File “/home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py”, line 9, in
from acme import jose
File “/home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/init.py”, line 37, in
from acme.jose.interfaces import JSONDeSerializable
File “/home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/interfaces.py”, line 9, in
from acme.jose import util
File “/home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/util.py”, line 5, in
import OpenSSL
File “/home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/init.py”, line 8, in
from OpenSSL import rand, crypto, SSL
File “/home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/rand.py”, line 12, in
from OpenSSL._util import (
File “/home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/OpenSSL/_util.py”, line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
File “/home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 13, in
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: cannot enable executable stack as shared object requires: Invalid argument

What’s happen?

Hi @mabgcapi,

This looks like you’re using a kernel-based security feature that conflicts with a requirement of the OpenSSL library.

(I have to admit that I don’t understand why OpenSSL requires an executable stack; that sounds kind of scary to me in this context, especially since OpenSSL has had a lot of low-level implementation bugs in the past. Maybe I should ask them the developers why this is so.)

We don’t usually encounter this error because most people aren’t using this particular kernel security feature. However, it’s a potentially valuable security feature overall, so it probably worth thinking more about how to make sure Certbot will work when it’s turned on.

According to my web searches for this error message, you can probably run

sudo execstack -c /home/mabg/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so

in order to indicate that this particular library should be allowed to request an executable stack.

It works, thank you very much

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.