No module named '_cffi_backend' when running certbot command

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: no domain name yet because currently setting up

I ran this command:
sudo certbot --nginx -d

It produced this output:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/pkg_resources/", line 490, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python3/dist-packages/pkg_resources/", line 2854, in load_entry_point
return ep.load()
File "/usr/lib/python3/dist-packages/pkg_resources/", line 2445, in load
return self.resolve()
File "/usr/lib/python3/dist-packages/pkg_resources/", line 2451, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/lib/python3/dist-packages/certbot/", line 10, in
import josepy as jose
File "/usr/lib/python3/dist-packages/josepy/", line 41, in
from josepy.interfaces import JSONDeSerializable
File "/usr/lib/python3/dist-packages/josepy/", line 7, in
from josepy import errors, util
File "/usr/lib/python3/dist-packages/josepy/", line 7, in
import OpenSSL
File "/usr/lib/python3/dist-packages/OpenSSL/", line 8, in
from OpenSSL import crypto, SSL
File "/usr/lib/python3/dist-packages/OpenSSL/", line 12, in
from cryptography import x509
File "/usr/lib/python3/dist-packages/cryptography/x509/", line 8, in
from cryptography.x509.base import (
File "/usr/lib/python3/dist-packages/cryptography/x509/", line 18, in
from cryptography.x509.extensions import Extension, ExtensionType
File "/usr/lib/python3/dist-packages/cryptography/x509/", line 20, in
from cryptography.hazmat.primitives import constant_time, serialization
File "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/", line 11, in
from cryptography.hazmat.bindings._constant_time import lib
ModuleNotFoundError: No module named '_cffi_backend'
My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 20.04.4 LTS

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot is already the newest version (0.40.0-1ubuntu0.1).

Perhaps try:

apt-get -y reinstall python3-cffi-backend libffi7 python3-cryptography libssl1.1


I tried this command

sudo apt install python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools

and also your recommendation successfully :

Unpacking python3-cryptography (2.8-3ubuntu0.1) over (2.8-3ubuntu0.1) ...
Setting up libssl1.1:amd64 (1.1.1f-1ubuntu2.13) ...
Setting up python3-cffi-backend (1.14.0-1build1) ...
Setting up python3-cryptography (2.8-3ubuntu0.1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.9) ...

but certbot command still returns the same error.


1 Like

Maybe I'm just not very patient today...

But I'd just remove that version and try another ACME client.
Switch to the snap version of certbot.

1 Like

Use pip in a virtual environment.

1 Like

Didn't ubuntu/canonical invent snap? Seems like as good a reason as any to use certbot from the official snap distro instead of messing with dependencies.

Here's the instructions: Certbot Instructions | Certbot



Once I removed this package like this:

sudo apt-get -y remove python3-cffi-backend

and reinstalled like this:

sudo apt-get -y reinstall python3-cffi-backend libffi7 python3-cryptography libssl1.1

then certbot can be run successfully:

Congratulations! You have successfully enabled HTTPS on

Thank you very much,


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.