Certbot segfault on Debian 8 (caused by python-ndg-httpsclient)

x0rz · March 15, 2017, 6:14pm

Hello there,

certbot command gives me a segfault:

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xxxxxxx.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Segmentation fault

I’m on Debian 8 64-bit with grsec (4.8.0-2-grsec-amd64).
Root cause seems to be python-ndg-httpsclient.
You can reproduce:

# printf "import requests\nr = requests.get('https://www.google.com/')\n" | python2.7
Segmentation fault

Does anyone have a work around? As I need to renew my certificate ASAP :’(

ahaw021 · March 16, 2017, 9:34am

work around would be to use something like zerossl or httpsforfree to issue your certificate

can you grab the log files and paste them here

I haven’s seen segmentation faults beofre

ahaw021 · March 16, 2017, 9:44am

this seems to be an old issue looking from the github page

there are several fixes suggested

Andrei

x0rz · March 16, 2017, 9:58am

I’m not sure if this is the same issue.
It worked before (I got the certificates), it segfaults for the renew
What I did in between is installing grsec, weird that an HTTPS connection causes the segfault because of that.

Here are the logs:

2017-03-15 23:20:50,954:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-04-02 14:32:00 UTC.
2017-03-15 23:20:50,954:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2017-03-15 23:20:51,010:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-03-15 23:20:51,027:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x363080f4350>
Prep: True
2017-03-15 23:20:51,030:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x363080f4350> and installer None
2017-03-15 23:20:51,117:DEBUG:certbot.main:Picked account: <Account(757e3557c4b5a049xxxxxxxxxxxxxxx)>
2017-03-15 23:20:51,128:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-03-15 23:20:51,137:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
<Segfault happen here>

system · April 15, 2017, 9:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issues updating Certbot from 0.26 - Segmentation fault on 0.31.0 Help	2	1150	February 13, 2020
Certbot throws segmentation fault Help	11	784	March 31, 2023
Segmentation fault centos 6.9 Server	5	1863	May 19, 2018
Cerbot-auto v0.10.1 - Segmentation Fault Help	3	1948	February 24, 2017
Certbot renew segfaults my apache2 Help	10	2554	July 28, 2018

Certbot segfault on Debian 8 (caused by python-ndg-httpsclient)

Related topics