Certbot-auto stopped working completely (ImportError cryptography)


certbot-auto went crazy with the latest upgrade v0.22.2 and stopped working completely, I’ve tried the solutions described in the following:

But to no avail.
Additionally, I have no option to downgrade certbot to a working version.


My domain is:
console.configo.io, console.proofsrc.com

I ran this command:
certbot-auto --help
certbot-auto renew --cert-only

It produced this output:
Error: couldn’t get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 7, in
from certbot.main import main
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py”, line 10, in
import josepy as jose
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/init.py”, line 41, in
from josepy.interfaces import JSONDeSerializable
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py”, line 8, in
from josepy import errors, util
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py”, line 4, in
import OpenSSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/init.py”, line 8, in
from OpenSSL import rand, crypto, SSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py”, line 12, in
from OpenSSL._util import (
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py”, line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

My web server is (include version):
Nginx 1.12.1

The operating system my web server runs on is (include version):
Amazon Linux
Linux version 4.9.77-31.58.amzn1.x86_64 (mockbuild@gobi-build-64011) (gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC) ) #1 SMP Thu Jan 18 22:15:23 UTC 2018

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


Have you seen this more recent workaround? Renew Error:No module named cryptography.hazmat.bindings.openssl.binding

Since Certbot appears to persistently have problems with Amazon Linux, consider also a client with less dependencies in the long term: https://letsencrypt.org/docs/client-options/


Thanks for your reply!

Unfortunately the suggested fix doesn’t work.
The solution suggested creating a link to dist-packages name site-packages, but it seems I have site-packages but no dist-packages.

I’ll try one of the other clients.


@Natanavra, follow the instruction below to see if it helps you.

The solution steps:

Install the cryptography: pip install cryptography
In Lib64, link dist-packages to site-package of python2.7: ln -s dist-packages site-pagages
Run renew with letsencrypt-auto or certbot-auto



The only thing I’m not sure of is step 2.
I cd to Lib64/python2.7 and then run ln -s dist-packages site-pagages

But that doesn’t do anything.
I found an alternative: acme.sh which seems to be far simpler then certbot


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.