Certbot 2.7.3
FreeBSD 13.2
OpenSSL 3.0.12
Python 3.9.18
py39-openssl 23.2.0
I've been using Certbot since 2016 when it was still called letsencrypt. It's been working perfectly for years. But then I broke everything.
I upgraded to OpenSSL 3 a couple of weeks ago, and ever since then Certbot hasn't worked. I can't even understand the error I'm getting, but I think it's something to do with FIPS support in OpenSSL. But I have no idea what FIPS is! The error ended with:
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: Undefined symbol "EVP_default_properties_is_fips_enabled"
I tried recompiling OpenSSL without FIPS support but it didn't make any difference. There's no ability to compile Certbot without FIPS, and I couldn't find a reference to FIPS in the Certbot manpage. The error also references Python and Rust, but they have no FIPS options either.
I've recompiled half my server and I still can't get Certbot to run. Does anybody have any ideas or suggestions?
The full error is:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==2.7.3', 'console_scripts', 'certbot')())
File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
return next(matches).load()
File "/usr/local/lib/python3.9/importlib/metadata.py", line 86, in load
module = import_module(match.group('module'))
File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 850, in exec_module
File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 6, in <module>
from certbot._internal import main as internal_main
File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 21, in <module>
import josepy as jose
File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", line 40, in <module>
from josepy.json_util import (
File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", line 14, in <module>
from OpenSSL import crypto
File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import SSL, crypto
File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 9, in <module>
from OpenSSL._util import (
File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
File "/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 15, in <module>
from cryptography.exceptions import InternalError
File "/usr/local/lib/python3.9/site-packages/cryptography/exceptions.py", line 9, in <module>
from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
ImportError: /usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: Undefined symbol "EVP_default_properties_is_fips_enabled"