Certbot segfault on Debian 8 (caused by python-ndg-httpsclient)


#1

Hello there,

certbot command gives me a segfault:

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xxxxxxx.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Segmentation fault

I’m on Debian 8 64-bit with grsec (4.8.0-2-grsec-amd64).
Root cause seems to be python-ndg-httpsclient.
You can reproduce:

# printf "import requests\nr = requests.get('https://www.google.com/')\n" | python2.7
Segmentation fault

Does anyone have a work around? As I need to renew my certificate ASAP :’(


#2

work around would be to use something like zerossl or httpsforfree to issue your certificate

can you grab the log files and paste them here

I haven’s seen segmentation faults beofre


#3

this seems to be an old issue looking from the github page

there are several fixes suggested

Andrei


#4

I’m not sure if this is the same issue.
It worked before (I got the certificates), it segfaults for the renew :frowning:
What I did in between is installing grsec, weird that an HTTPS connection causes the segfault because of that.

Here are the logs:

2017-03-15 23:20:50,954:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-04-02 14:32:00 UTC.
2017-03-15 23:20:50,954:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2017-03-15 23:20:51,010:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-03-15 23:20:51,027:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x363080f4350>
Prep: True
2017-03-15 23:20:51,030:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x363080f4350> and installer None
2017-03-15 23:20:51,117:DEBUG:certbot.main:Picked account: <Account(757e3557c4b5a049xxxxxxxxxxxxxxx)>
2017-03-15 23:20:51,128:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-03-15 23:20:51,137:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
<Segfault happen here>

#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.