No!
$ ldd /usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so |grep libssl
libssl.so.45 => /usr/local/lib/libssl.so.45 (0x286a8000)
$ ldd $(which openssl) | grep libssl
libssl.so.8 => /usr/lib/libssl.so.8 (0x280df000)
Hmmm.
Edit: I have both openssl (part of the FreeBSD base system) and libressl (from package libressl).
So:
# /usr/local/bin/openssl x509 -noout -text -in /usr/local/etc/letsencrypt/archive/www.diversediversity.org.uk/fullchain5.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:6d:b2:3a:42:04:8a:77:f2:70:a8:f2:e7:07:f1:45:29:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Mar 31 23:33:20 2018 GMT
Not After : Jun 29 23:33:20 2018 GMT
Subject: CN=www.diversediversity.org.uk
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ba:ad:84:a0:49:97:5d:e1:49:e9:02:aa:69:c3:
f4:31:6f:39:ed:25:00:65:91:87:c3:b9:4e:e2:b0:
04:eb:25:59:f2:ef:80:d8:26:9e:4e:4a:84:05:6d:
dd:79:1b:82:b5:1b:99:f5:2a:dd:18:7a:4d:aa:bf:
d8:5f:17:bc:1f:f4:43:3b:5d:93:a0:5e:b2:4f:bc:
2a:30:39:c1:40:2d:96:bf:ea:4c:56:98:99:92:5d:
e1:38:09:07:44:93:eb:85:dd:8a:6b:f9:69:c7:60:
29:a8:5b:5a:e6:de:ad:d8:95:79:7c:e5:91:ef:c6:
eb:d8:17:9b:bd:87:00:95:e0:7b:82:46:40:bd:11:
03:99:69:43:10:22:f1:a5:73:2f:ac:1b:0a:f9:92:
a9:b9:e3:3c:0f:4a:4b:0e:b6:7a:f7:49:f8:ef:96:
b1:9b:f1:da:5d:ae:55:74:f5:a2:13:24:61:80:17:
23:37:8b:64:a2:32:83:8c:56:92:cd:4f:88:8e:ce:
b1:3f:b4:7b:12:32:05:d8:ec:a0:9b:db:0d:01:72:
8d:c8:c4:41:3a:25:9f:fb:59:a7:3d:cd:39:88:e3:
07:a1:45:e7:cb:64:b2:14:69:ff:00:4f:37:70:b4:
2e:12:49:9b:dd:d1:7a:dc:b3:81:1d:ff:45:37:f1:
07:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
B4:02:5C:0A:77:53:12:32:FE:6B:DF:25:C6:9F:64:22:7D:9D:A1:23
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:diversediversity.org.uk, DNS:diversity.kjpetrie.co.uk, DNS:www.diversediversity.org.uk, DNS:www.kjpetrie.co.uk
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
User Notice:
Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
1.3.6.1.4.1.11129.2.4.2:
......w..t...)....>qm,....6..q..].O7...d...b~.m......H0F.!..9z..Z"...!...I.~...{...../,..._....[.;.8.9i.v.)<Q.T.9e..P.X...o.Xz)r......EG.x...b~.m......G0E.!...Hh.n*e..#)R.....%gz|]..'|....P. .s....2.4<u.)..#W......9...d.6+n
Signature Algorithm: sha256WithRSAEncryption
66:1a:72:a1:7c:ec:80:44:fb:94:b8:ea:66:d9:0e:5a:08:d9:
70:de:8d:f9:0b:1f:b6:50:6e:cd:62:34:07:ed:0c:ae:b1:3f:
ab:d6:ec:3f:a9:8d:cf:29:d9:fd:a7:71:88:25:97:87:e7:ab:
9f:45:e3:c5:ca:56:79:e3:ce:11:23:0a:c0:28:d6:fa:ae:1b:
7c:e6:61:9f:28:71:cd:61:b5:1d:4f:20:1f:d9:ff:01:45:33:
09:59:8b:fa:13:e5:62:5b:65:f9:9d:2a:56:33:e6:af:7d:19:
d4:e6:bb:ac:8a:1a:00:2b:e7:4b:15:58:e0:ad:a2:92:83:4a:
9f:ce:d9:fe:7b:0f:a7:4c:9b:df:40:54:91:cb:e8:ce:82:ab:
c1:19:80:6e:1d:77:91:c1:32:a4:3c:83:e3:c5:41:8c:35:1d:
36:e0:6b:c0:c9:88:06:17:9e:38:61:1a:67:98:d5:46:15:33:
ca:36:a1:3f:52:f0:b1:aa:de:75:75:75:42:df:a7:29:c5:d5:
36:e6:eb:c1:5e:37:19:92:23:b2:18:10:91:1a:c2:cf:3d:dd:
93:c5:83:23:b3:cc:5a:68:ab:84:0a:cb:ef:2a:5f:79:9e:41:
50:77:ec:83:f3:62:7c:bc:05:69:ed:04:04:4f:dc:e8:75:e5:
49:73:e6:12
Now I need to find out why libressl is installed and whether we can use openssl instead.