Certbot libssl.so.1.0.2 but I have 1.1 or 1.0.0?


#1

My domain is: mail.nickellson.com

I ran this command:

grimm@mail:~ certbot -d mail.nickellson.com --manual --preferred-challenges dns certonly Traceback (most recent call last): File "/usr/bin/certbot", line 11, in <module> load_entry_point('certbot==0.26.1', 'console_scripts', 'certbot')() File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 560, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 2648, in load_entry_point return ep.load() File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 2302, in load return self.resolve() File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 2308, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "/usr/lib/python3/dist-packages/certbot/main.py", line 10, in <module> import josepy as jose File "/usr/lib/python3/dist-packages/josepy/__init__.py", line 41, in <module> from josepy.interfaces import JSONDeSerializable File "/usr/lib/python3/dist-packages/josepy/interfaces.py", line 8, in <module> from josepy import errors, util File "/usr/lib/python3/dist-packages/josepy/util.py", line 4, in <module> import OpenSSL File "/usr/local/lib/python3.4/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import rand, crypto, SSL File "/usr/local/lib/python3.4/dist-packages/OpenSSL/rand.py", line 12, in <module> from OpenSSL._util import ( File "/usr/local/lib/python3.4/dist-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 12, in <module> from cryptography.hazmat.bindings._openssl import ffi, lib ImportError: libssl.so.1.0.2: cannot open shared object file: No such file or directory grimm@mail:~

My web server is (include version): mail-in-a-box 0.29

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is: My own VMWare

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Hi,

Did you install your OpenSSL from apt repos? Or you / software did a manual install by source?

Could you also please run whereis openssl and ldd /usr/bin/openssl

Thank you


#3

I believe all things were installed via apt-get EXCEPT for mail-in-a-box itself, it’s installed and updated via a shell installer run right from their website.

grimm@mail:~ whereis openssl openssl: /usr/bin/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ssl.gz grimm@mail:~ ldd /usr/bin/openssl
linux-vdso.so.1 => (0x00007ffce6daf000)
libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007fd131e77000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007fd1319ff000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fd1317e1000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd131418000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd131214000)
/lib64/ld-linux-x86-64.so.2 (0x00007fd1320e1000)
grimm@mail:~$


#4

Hi,

Could you also please run openssl version? (I guess the system is now on OpenSSL 1.1)

Thank you


#5

grimm@mail:~$ openssl version
OpenSSL 1.1.0h 27 Mar 2018

Yup, appears so.


#6

Hi,

Also, I would like to mention that (it seems) mailinabox has it’s own way to obtain a tls certificate from let’s encrypt. (Both from command line and control panel)

Thank you


#7

It does, but only works if you run it in a public cloud server. I have in at my house behind a port forward that breaks the automatic method, so I have been using the manual DNS route for 2 years. :smiley:

Their integration requires that you use them for DNS and Web Services as well, all in one box. I have my services hosted at home and my DNS/WEB/etc all on different machines.


#8

What has changed recently is that I was running mail-in-a-box .23 and was doing my checks for updates… they had .29 out, so I updated my system with the usuall update/upgrade process, that prolly updated the SSL stuff. this was on Friday last week.


#9

It sounds like certbot may need to be re-installed - but I’m not sure how to best do that.
So, I would recommend you first try using certbot-auto
see: https://certbot.eff.org/docs/install.html#certbot-auto


#10

Hey!! That certbot-auto Virtual Environment is slick! That worked, and should work no matter how hosed the system libraries get… didn’t know that existed!

I am back up and running :smiley: