InsecurePlatformWarning & Failed building wheel for cryptography | cffi

Jannik · December 4, 2015, 9:32pm

When trying to run the auto script (./letsencrypt-auto --apache -d iamjannik.me), I’m getting the following text… Since I don’t know nothing about python, I don’t even try to interpret the output.

~/letsencrypt (master)# ./letsencrypt-auto --apache -d iamjannik.me [...]

Updating letsencrypt and virtual environment dependencies...
/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
./root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
../root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning

  Failed building wheel for cryptography
  Failed building wheel for cffi
Command "/root/.local/share/letsencrypt/bin/python2.7 -c "import setuptools, tokenize;__file__='/tmp/pip-build-8EAZp_/cffi/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-2kXmvJ-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cffi" failed with error code 1 in /tmp/pip-build-8EAZp_/cffi

How can I fix this error and finally get my server secure?

PS: I’m running the thinnest droplet on DigitalOcean with Ubuntu 14.04 LTS and Python 2.7.6…

saranrapjs · December 5, 2015, 5:07pm

I ran into this error when installing as well — googling around a bit, I found this GitHub issue, which suggests that this genre of error originates from the python cryptography module installation requiring more memory than my server had at the moment.

As suggested towards the bottom of that issue, stopping mysql (and in my case, mongo as well) seemed to do the trick: the install proceeded apace.

Hope this helps!

Jannik · December 5, 2015, 7:58pm

Mhm, I stopped the services which used most of the memory (apache2, mysql, ajenti) of the 512MB box, but the errors are still the same…

Maybe this snippet from the -v task helps you. It comes up three times in the log…

  c/_cffi_backend.c:13:17: fatal error: ffi.h: No such file or directory
   #include <ffi.h>
                   ^
  compilation terminated.

saranrapjs · December 6, 2015, 5:29pm

Per the Python Crypotgraphy docs, you may need libffi, which you can install with:

sudo apt-get install build-essential libssl-dev libffi-dev python-dev

or

sudo yum install gcc libffi-devel python-devel openssl-devel

JPUnix · December 30, 2015, 11:45am

Thanks! I tried all these things and still no joy. BTW I’m running a 1M DO instance.

yasiruk · January 6, 2016, 6:16am

Yes, i stopped Apache2 and mysqld on my 512mb server and the command executed successfully.

eschipul · January 8, 2016, 2:52am

@saranrapjs - double-plus-good. Been fighting this for quite a while after auditing servers with “lynis” and trying to install “ndg-httpsclient” per the lynis security audit reports. No joy until now. Your solution worked.

First - the error was the same as the question at the top. Specifically it was:

sudo su
pip install ndg-httpsclient

on a clean (e.g. sudo apt-get update && sudo apt-get upgrade -y) ubuntu 14.04.3 box generated the series following series of errors on ubuntu 14.04.3:

Failed building wheel for cryptography
# trace here followed by 
Failed building wheel for cffi
# more trace here ending with
Command "/usr/bin/python -c "import setuptools, tokenize;__file__='/tmp/pip-build-nloejD/cffi/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-U6h7Db-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-nloejD/cffi

From stackoverflow I had tried numerous other solutions but it was running your line of code here:

sudo apt-get install build-essential libssl-dev libffi-dev python-dev

Given I already had build-essential, libssl-dev and both python-dev and python3-dev, I have to believe it was specifically the installation of “libffi-dev” that solved the problem although I can’t be sure. It did update four packages as follows:

The following NEW packages will be installed:
libffi-dev libssl-dev libssl-doc zlib1g-dev
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.

Final result was (again I was in “sudo su”)

 pip install ndg-httpsclient
 # trace stuff here....
 Successfully installed PyOpenSSL-0.15.1 cffi-1.4.2 cryptography-1.1.2

The bottom line is thank you for taking the time to post your comment however brief. It saved me time after I had wasted several hours on this issue. THANK YOU @saranrapjs ! #rockon