InsecurePlatformWarning on Ubuntu 14.04 w/ Python 2.7.6


#1

When running letsencrypt-auto for the first time, it installs some packages.

During the installation, the following warning pops up:

Updating letsencrypt and virtual environment dependencies…/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning

Reading the description makes it sound as if HTTPS URLs cannot be retrieved in a safe manner with python 2.7.6 unless I install PyOpenSSL.

Is this correct? How do I install it?


#2

Get the same on CentOS 6.7


#3

The link has this recommendation:

If you encounter this warning, it is strongly recommended you upgrade to a
newer Python version, or that you use pyOpenSSL as described in the
OpenSSL / PyOpenSSL section.

On Debian/Ubuntu, the python version can be determined like this:

PYTHONVERSION=$(dpkg-query --show --showformat ‘${Version}\n’ python)

This yields “2.7.5-5ubuntu3” at the moment.
Then, compare it to the minimum version 2.7.9 to stop this error from occuring:

dpkg --compare-versions $PYTHONVERSION ge 2.7.9

If it fails (error code $? = 1), it means that python is too old and
you need to install the OpenSSL stuff:

In the file letsencrypt-auto, insert
the line

$VENV_BIN/pip install -U pyopenssl ndg-httpsclient pyasn1
after the line
$VENV_BIN/pip install -U letsencrypt letsencrypt-apache

and the lines

printf .
$VENV_BIN/pip install -U pyopenssl ndg-httpsclient pyasn1
after the line
$VENV_BIN/pip install -U letsencrypt > /dev/null

That seems to do the trick.


#4

well nice. my raspi had the same problem, and the mods did it.


#5

Ok I have done the following:

PYTHONVERSION=$(dpkg-query --show --showformat '${Version}\n' python)

When echoing that one out I get:

2.7.5-5ubuntu3

Then I do:

dpkg --compare-versions $PYTHONVERSION ge 2.7.9

which doesn’t output anything. Now I retry:

./letsencrypt-auto --apache --server .....

And this results in:

Updating letsencrypt and virtual environment dependencies.../home/droid/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning ./home/droid/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning ../home/droid/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning
After that it is hanging and nothing happens.


#6

These instructions helped me with my problem on Debian 7.9 with Python 2.7.5.

Unfortunately I couldn’t follow them verbatim, here’s what I did.

$ sudo apt-get install libffi-dev
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
[...]
Command "/home/stemid/.local/share/letsencrypt/bin/python2.7 -c "import setuptools,..." failed with error code 1 in /tmp/pip-build-PYh2Of/cryptography
$ . ../.local/share/letsencrypt/bin/activate
$ pip install pyopenssl ndg-httpsclient pyasn1
$ deactivate
$ ./letsencrypt-auto --help

And then it should work.

So to summarize, run the client once and let it fail so the virtualenv is created and then activate the virtualenv in your own shell to install pyopenssl.

Make sure pip install cryptography works before leaving the virtualenv.


#7

I had the same problem and got it working with the below changes to ./letsencrypt-auto. The above suggested changes didn’t work because they need to be installed before letsencrypt

$VENV_BIN/pip install -U pip
$VENV_BIN/pip install -U pyopenssl ndg-httpsclient pyasn1 # <- added this here

and

$VENV_BIN/pip install -U pip > /dev/null
print .
$VENV_BIN/pip install -U pyopenssl ndg-httpsclient pyasn1  # <- added this here

Cheers!