InsecurePlatformWarning on Ubuntu 14.04 w/ Python 2.7.6

Sid · November 4, 2015, 10:24am

When running letsencrypt-auto for the first time, it installs some packages.

During the installation, the following warning pops up:

Updating letsencrypt and virtual environment dependencies...../home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see Advanced Usage - urllib3 2.1.0 documentation.
InsecurePlatformWarning

Reading the description makes it sound as if HTTPS URLs cannot be retrieved in a safe manner with python 2.7.6 unless I install PyOpenSSL.

Is this correct? How do I install it?

Spambuster · November 4, 2015, 12:24pm

Get the same on CentOS 6.7

Sid · November 4, 2015, 12:44pm

The link has this recommendation:

If you encounter this warning, it is strongly recommended you upgrade to a
newer Python version, or that you use pyOpenSSL as described in the
OpenSSL / PyOpenSSL section.

On Debian/Ubuntu, the python version can be determined like this:

PYTHONVERSION=$(dpkg-query --show --showformat '${Version}\n' python)

This yields "2.7.5-5ubuntu3" at the moment.
Then, compare it to the minimum version 2.7.9 to stop this error from occuring:

dpkg --compare-versions $PYTHONVERSION ge 2.7.9

If it fails (error code $? = 1), it means that python is too old and
you need to install the OpenSSL stuff:

In the file letsencrypt-auto, insert
the line

$VENV_BIN/pip install -U pyopenssl ndg-httpsclient pyasn1
after the line
$VENV_BIN/pip install -U letsencrypt letsencrypt-apache

and the lines

printf .
$VENV_BIN/pip install -U pyopenssl ndg-httpsclient pyasn1
after the line
$VENV_BIN/pip install -U letsencrypt > /dev/null

That seems to do the trick.

My1 · November 4, 2015, 9:27pm

well nice. my raspi had the same problem, and the mods did it.

droid · November 19, 2015, 6:50pm

Ok I have done the following:

PYTHONVERSION=$(dpkg-query --show --showformat '${Version}\n' python)

When echoing that one out I get:

2.7.5-5ubuntu3

Then I do:

dpkg --compare-versions $PYTHONVERSION ge 2.7.9

which doesn’t output anything. Now I retry:

./letsencrypt-auto --apache --server .....

And this results in:

Updating letsencrypt and virtual environment dependencies.../home/droid/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning ./home/droid/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning ../home/droid/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning
After that it is hanging and nothing happens.

stemid · December 8, 2015, 2:34pm

These instructions helped me with my problem on Debian 7.9 with Python 2.7.5.

Unfortunately I couldn’t follow them verbatim, here’s what I did.

$ sudo apt-get install libffi-dev
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
[...]
Command "/home/stemid/.local/share/letsencrypt/bin/python2.7 -c "import setuptools,..." failed with error code 1 in /tmp/pip-build-PYh2Of/cryptography
$ . ../.local/share/letsencrypt/bin/activate
$ pip install pyopenssl ndg-httpsclient pyasn1
$ deactivate
$ ./letsencrypt-auto --help

And then it should work.

So to summarize, run the client once and let it fail so the virtualenv is created and then activate the virtualenv in your own shell to install pyopenssl.

Make sure pip install cryptography works before leaving the virtualenv.

flybayer · December 12, 2015, 10:33pm

I had the same problem and got it working with the below changes to ./letsencrypt-auto. The above suggested changes didn’t work because they need to be installed before letsencrypt

$VENV_BIN/pip install -U pip
$VENV_BIN/pip install -U pyopenssl ndg-httpsclient pyasn1 # <- added this here

and

$VENV_BIN/pip install -U pip > /dev/null
print .
$VENV_BIN/pip install -U pyopenssl ndg-httpsclient pyasn1  # <- added this here

Cheers!

Topic		Replies	Views
Getting insecure platform warning Help	2	5516	December 8, 2015
InsecurePlatformWarning & Failed building wheel for cryptography \| cffi Server	6	8624	January 8, 2016
CentOS 7 setup missing python pieces Help	0	1859	December 7, 2015
Error while executing instructions mentioned in beta invite [./letsencrypt-auto ] Help	1	3638	October 27, 2015
"python setup.py egg_info" failed with error code 1 in /tmp/pip-build-NktBcn/ConfigArgParse Help	4	36489	November 7, 2015

InsecurePlatformWarning on Ubuntu 14.04 w/ Python 2.7.6

Related topics