Errors on OS/X most worrisome

Hey folks,

I’m willing to go through the effort to get this working rather than pay $100 to gandi for a certificate.

Note! I would have run this on Linux in virtualbox however virtualbox refuses to mount USB drives, and I don’t want to FTP important files like private keys out of virtualbox… OK I suppose I could GPG them but still. Why not get OSX working?

So, running letsencrypt-auto on OS X Yosemite, after installing homebrew and updating setuptools, I get the following errors.

sudo ./letsencrypt-auto --debug certonly -a manual --rsa-key-size 4096 -d [mydomain].org -d www.[mydomain].org


Updating letsencrypt and virtual environment dependencies… Failed building wheel for cffi

Command "/Users/me/.local/share/letsencrypt/bin/python2.7 -c "import setuptools, tokenize;file=… failed with error code 1 in /private/tmp/pip-build-Ab1HoL/cffi

Question: What is pip?

Question: What is wheel actually? On OSX there is no wheel acount FYI. Should I create a regular user called wheel?

The main letsencrypt-auto doesn’t play nicely on OS X :wink: to be honest I’d suggest looking at one of the other clients which may be more suitable for you. I don’t use OS X myself, so can’t help much debugging everything - although there will be some otehr folk around who can probably help more.

pip is a python package manager.

googling “failed building wheel for cffi” yields:

wheel isn’t referring to a user. its referring to a package.

Give that SO question a look and see if anything there helps you resolve.

I’ll also note that you can get SSL certs for as little as $10 through NameCheap (and several other vendors).

I already reported and got a resolved for this issue. Please check github before and post problems there: Trouble using Let's Encrypt on OS X

And free from requires you to import the cert into the browser, still gives you the “this cert is self signed or untrusted” issue without importing the cert.

Not at all. You just need to assemble the chain of trust certificate manually from your domain’s certificate, their intermediate certificate, and their root certificate. LetsEncrypt does that for you, and stores the result as the fullchain.pem file in the live directory.

Check my website - - if you’d like to see a StartSSL certificate.

Weird, when I tried it had issues, whatever. lol

The projects should just merge… tbh.

1 Like