Cannot Renew: ImportError: cannot import name ssl_match_hostname

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: assets.phrazerteam.com

I ran this command: sudo certbot renew

It produced this output:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==1.0.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 378, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2566, in load_entry_point
return ep.load()
File “/usr/lib/python2.7/site-packages/pkg_resources.py”, line 2260, in load
entry = import(self.module_name, globals(),globals(), [‘name’])
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 2, in
from certbot._internal import main as internal_main
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 17, in
from certbot._internal import account
File “/usr/lib/python2.7/site-packages/certbot/_internal/account.py”, line 17, in
from acme import messages
File “/usr/lib/python2.7/site-packages/acme/messages.py”, line 11, in
from acme import challenges
File “/usr/lib/python2.7/site-packages/acme/challenges.py”, line 9, in
import requests
File “/usr/lib/python2.7/site-packages/requests/init.py”, line 58, in
from . import utils
File “/usr/lib/python2.7/site-packages/requests/utils.py”, line 32, in
from .exceptions import InvalidURL
File “/usr/lib/python2.7/site-packages/requests/exceptions.py”, line 10, in
from urllib3.exceptions import HTTPError as BaseHTTPError
File “/usr/lib/python2.7/site-packages/urllib3/init.py”, line 8, in
from .connectionpool import (
File “/usr/lib/python2.7/site-packages/urllib3/connectionpool.py”, line 11, in
from .exceptions import (
File “/usr/lib/python2.7/site-packages/urllib3/exceptions.py”, line 2, in
from .packages.six.moves.http_client import (
File “/usr/lib/python2.7/site-packages/urllib3/packages/init.py”, line 3, in
from . import ssl_match_hostname
ImportError: cannot import name ssl_match_hostname

My web server is (include version): Apache 2.4.6

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.1.0

“ssl_match_hostname” should be provided by urllib3 itself. Perhaps you can try and re-install urllib3? It’s called python-urllib3 on CentOS.

Thanks for the response! The server was missing the python-urllib3 package. However, after installing it, I still get the error when I attempt to renew the cert.

That’s kinda strange, because urllib3 was present on your server before… As it generated the error.

According to some site, the ssl_match_hostname directory would have been provided by python-urllib3: https://centos.pkgs.org/7/centos-x86_64/python-urllib3-1.10.2-7.el7.noarch.rpm.html It’s actually a symbolic link to ../../backports/ssl_match_hostname.

But the actual contents of that directory is provided by python-backports-ssl_match_hostname: https://centos.pkgs.org/7/centos-x86_64/python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch.rpm.html

Perhaps python-backports-ssl_match_hostname is missing or not correctly installed? Although it should have been installed when you installed python-urllib3, as it’s a dependency.

I have a suspicion that certbot may be trying to use a different python installation or something. I noticed that if I run: certbot --version
I get: -bash: /usr/local/bin/certbot: /usr/bin/python3: bad interpreter: No such file or directory

Which is suspicious, because I believe Centos 7 primarily uses python 2.7.

I get the ssl_match_hostname error output if I use: sudo certbot --version
Same goes for the command certbot renew.

That's not the normal location of certbot! It should be /usr/bin/certbot Have you ever used the certbot-auto script?

I think I ran it in the course of trying to get the renew to work.

Well, that’s unfortunate. It looks like you’re having two types of certbot on your system then, which aren’t very happy working on the same system.

What happens if you run /usr/bin/certbot directly? I.e., just like I typed? (With for example --version appended…)

I get the ssl_match_hostname error when I run:
/usr/bin/certbot renew

And the file /usr/lib/python2.7/site-packages/backports/ssl_match_hostname/__init__.py is present on your system?

Yes it is.

$ pwd init.py
/usr/lib/python2.7/site-packages/backports/ssl_match_hostname

Well, I’m at a loss. I have no idea why urllib3 wouldn’t know how to find ssl_match_hostname…

Thanks for the time and help! I’ve been banging my head against this for awhile, so it is comforting to know that I am not the only one perplexed by this.

I should add the certbot is working fine on the 4 other servers I installed it on. Same OS and apache. No idea why this server is being problematic.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.