Certbot segfault on Debian 8 (caused by python-ndg-httpsclient)

Hello there,

certbot command gives me a segfault:

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/xxxxxxx.conf
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Segmentation fault

I’m on Debian 8 64-bit with grsec (4.8.0-2-grsec-amd64).
Root cause seems to be python-ndg-httpsclient.
You can reproduce:

# printf "import requests\nr = requests.get('https://www.google.com/')\n" | python2.7
Segmentation fault

Does anyone have a work around? As I need to renew my certificate ASAP :’(

work around would be to use something like zerossl or httpsforfree to issue your certificate

can you grab the log files and paste them here

I haven’s seen segmentation faults beofre

this seems to be an old issue looking from the github page

there are several fixes suggested


I’m not sure if this is the same issue.
It worked before (I got the certificates), it segfaults for the renew :frowning:
What I did in between is installing grsec, weird that an HTTPS connection causes the segfault because of that.

Here are the logs:

2017-03-15 23:20:50,954:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-04-02 14:32:00 UTC.
2017-03-15 23:20:50,954:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2017-03-15 23:20:51,010:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-03-15 23:20:51,027:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x363080f4350>
Prep: True
2017-03-15 23:20:51,030:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x363080f4350> and installer None
2017-03-15 23:20:51,117:DEBUG:certbot.main:Picked account: <Account(757e3557c4b5a049xxxxxxxxxxxxxxx)>
2017-03-15 23:20:51,128:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-03-15 23:20:51,137:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
<Segfault happen here>

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.