Fail to run "sudo certbot --nginx" command

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I was trying to apply ssl certifcate for my web from https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx tutorial, however it output some error when I ran this commad: sudo certbot --nginx

,
My domain is:ess.simplo.com.tw

I ran this command:
sudo certbot --nginx

It produced this output:

Authenticating with public key “imported-openssh-key”

ubuntu@ip-172-31-13-126:~
$ sudo certbot --nginx
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/pkg_resources/init.py”, line 480, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File “/usr/lib/python3/dist-packages/pkg_resources/init.py”, line 2693, in load_entry_point
return ep.load()
File “/usr/lib/python3/dist-packages/pkg_resources/init.py”, line 2324, in load
return self.resolve()
File “/usr/lib/python3/dist-packages/pkg_resources/init.py”, line 2330, in resolve
module = import(self.module_name, fromlist=[‘name’], level=0)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 10, in
import josepy as jose
File “/usr/lib/python3/dist-packages/josepy/init.py”, line 44, in
from josepy.interfaces import JSONDeSerializable
File “/usr/lib/python3/dist-packages/josepy/interfaces.py”, line 8, in
from josepy import errors, util
File “/usr/lib/python3/dist-packages/josepy/util.py”, line 4, in
import OpenSSL
File “/home/ubuntu/.local/lib/python3.6/site-packages/OpenSSL/init.py”, line 8, in
from OpenSSL import crypto, SSL
File “/home/ubuntu/.local/lib/python3.6/site-packages/OpenSSL/crypto.py”, line 12, in
from cryptography import x509
File “/home/ubuntu/.local/lib/python3.6/site-packages/cryptography/x509/init.py”, line 8, in
from cryptography.x509.base import (
File “/home/ubuntu/.local/lib/python3.6/site-packages/cryptography/x509/base.py”, line 16, in
from cryptography.x509.extensions import Extension, ExtensionType
File “/home/ubuntu/.local/lib/python3.6/site-packages/cryptography/x509/extensions.py”, line 18, in
from cryptography.hazmat.primitives import constant_time, serialization
File “/home/ubuntu/.local/lib/python3.6/site-packages/cryptography/hazmat/primitives/constant_time.py”, line 11, in
from cryptography.hazmat.bindings._constant_time import lib
ModuleNotFoundError: No module named ‘cryptography.hazmat.bindings._constant_time’

My web server is (include version):
Nginx 1.14.2

The operating system my web server runs on is (include version):
Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-1063-aws x86_64)

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I don’t know.

How did you install certbot?

Also, tell me what’s the output of
sudo apt update && apt list --upgradable | grep -E 'certbot|python'

And how did the Python cryptography and OpenSSL modules get installed in /home/ubuntu/.local?

I follow these commands to install cerbot.
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx

Here is the output of
sudo apt update && apt list --upgradable | grep -E ‘certbot|python’:

Fetched 5633 kB in 3s (1656 kB/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
157 packages can be upgraded. Run ‘apt list --upgradable’ to see them.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libpython3-dev/bionic-updates 3.6.7-1~18.04 amd64 [upgradable from: 3.6.5-3ubuntu1]
libpython3-stdlib/bionic-updates 3.6.7-1~18.04 amd64 [upgradable from: 3.6.5-3ubuntu1]
libpython3.6/bionic-updates 3.6.9-1~18.04 amd64 [upgradable from: 3.6.8-1~18.04.3]
libpython3.6-dev/bionic-updates 3.6.9-1~18.04 amd64 [upgradable from: 3.6.8-1~18.04.3]
libpython3.6-minimal/bionic-updates 3.6.9-1~18.04 amd64 [upgradable from: 3.6.8-1~18.04.3]
libpython3.6-stdlib/bionic-updates 3.6.9-1~18.04 amd64 [upgradable from: 3.6.8-1~18.04.3]
python3/bionic-updates 3.6.7-1~18.04 amd64 [upgradable from: 3.6.5-3ubuntu1]
python3-apport/bionic-updates 2.20.9-0ubuntu7.13 all [upgradable from: 2.20.9-0ubuntu7.12]
python3-configobj/bionic 5.0.6-2+ubuntu18.04.1+certbot+1 all [upgradable from: 5.0.6-2]
python3-debconf/bionic-updates 1.5.66ubuntu1 all [upgradable from: 1.5.66]
python3-dev/bionic-updates 3.6.7-1~18.04 amd64 [upgradable from: 3.6.5-3ubuntu1]
python3-distupgrade/bionic-updates 1:18.04.37 all [upgradable from: 1:18.04.28]
python3-distutils/bionic-updates 3.6.9-1~18.04 all [upgradable from: 3.6.5-3]
python3-gdbm/bionic-updates 3.6.9-1~18.04 amd64 [upgradable from: 3.6.5-3]
python3-gi/bionic-updates 3.26.1-2ubuntu1 amd64 [upgradable from: 3.26.1-2]
python3-httplib2/bionic-updates 0.9.2+dfsg-1ubuntu0.1 all [upgradable from: 0.9.2+dfsg-1]
python3-lib2to3/bionic-updates 3.6.9-1~18.04 all [upgradable from: 3.6.5-3]
python3-minimal/bionic-updates 3.6.7-1~18.04 amd64 [upgradable from: 3.6.5-3ubuntu1]
python3-problem-report/bionic-updates 2.20.9-0ubuntu7.13 all [upgradable from: 2.20.9-0ubuntu7.12]
python3-update-manager/bionic-updates 1:18.04.11.10 all [upgradable from: 1:18.04.11.6]
python3-zope.interface/bionic 4.3.2-1+ubuntu18.04.1+certbot+1 amd64 [upgradable from: 4.3.2-1build2]
python3.6/bionic-updates 3.6.9-1~18.04 amd64 [upgradable from: 3.6.8-1~18.04.3]
python3.6-dev/bionic-updates 3.6.9-1~18.04 amd64 [upgradable from: 3.6.8-1~18.04.3]
python3.6-minimal/bionic-updates 3.6.9-1~18.04 amd64 [upgradable from: 3.6.8-1~18.04.3]

You should probably upgrade but doesn’t look like a problem.

Tell me the output of which -a certbot and sudo which -a certbot

in one of those, I guess, if they are installed via apt:

% python3
Python 3.8.2 (default, Mar 13 2020, 10:14:16) 
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> print (sys.path)
['', '/usr/lib/python38.zip', '/usr/lib/python3.8', '/usr/lib/python3.8/lib-dynload', '/usr/local/lib/python3.8/dist-packages', '/usr/lib/python3/dist-packages']
>>> 

It looks like you installed them via pip in your home directory…

(I am on a prerelease version of ubuntu 20.04, your paths and version numbers might be different.)

The output of which -a certbot and sudo which -a certbot is
/usr/bin/certbot

The output of which -a certbot and sudo which -a certbot is
/usr/bin/certbot

run sudo -i

and then certbot {whatever option you want}

then Ctrl+d

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.