I've been using Certbot since 2016 when it was still called letsencrypt. It's been working perfectly for years. But then I broke everything.
I upgraded to OpenSSL 3 a couple of weeks ago, and ever since then Certbot hasn't worked. I can't even understand the error I'm getting, but I think it's something to do with FIPS support in OpenSSL. But I have no idea what FIPS is! The error ended with:
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: Undefined symbol "EVP_default_properties_is_fips_enabled"
I tried recompiling OpenSSL without FIPS support but it didn't make any difference. There's no ability to compile Certbot without FIPS, and I couldn't find a reference to FIPS in the Certbot manpage. The error also references Python and Rust, but they have no FIPS options either.
I've recompiled half my server and I still can't get Certbot to run. Does anybody have any ideas or suggestions?
The full error is:
Traceback (most recent call last): File "/usr/local/bin/certbot", line 33, in <module> sys.exit(load_entry_point('certbot==2.7.3', 'console_scripts', 'certbot')()) File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point return next(matches).load() File "/usr/local/lib/python3.9/importlib/metadata.py", line 86, in load module = import_module(match.group('module')) File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "<frozen importlib._bootstrap>", line 1030, in _gcd_import File "<frozen importlib._bootstrap>", line 1007, in _find_and_load File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 680, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 850, in exec_module File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 6, in <module> from certbot._internal import main as internal_main File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 21, in <module> import josepy as jose File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", line 40, in <module> from josepy.json_util import ( File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", line 14, in <module> from OpenSSL import crypto File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import SSL, crypto File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 9, in <module> from OpenSSL._util import ( File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 15, in <module> from cryptography.exceptions import InternalError File "/usr/local/lib/python3.9/site-packages/cryptography/exceptions.py", line 9, in <module> from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions ImportError: /usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: Undefined symbol "EVP_default_properties_is_fips_enabled"