Python ImportError No module name _cffi_backend

I was successfully used the LetsEncrypt client a couple of weeks ago but today (after a refresh from github) I started getting this error “ImportError: No module named _cffi_backend”. Here’s the full output:
./letsencrypt-auto --debug

Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: sudo /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt --debug
Traceback (most recent call last):
File “/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt”, line 7, in
from letsencrypt.cli import main
File “/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 17, in
import OpenSSL
File “/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/”, line 8, in
from OpenSSL import rand, crypto, SSL
File “/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/”, line 11, in
from OpenSSL._util import (
File “/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/”, line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
File “/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/”, line 13, in
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: No module named _cffi_backend

You may need to install libffi, which you can install with:

sudo apt-get install build-essential libssl-dev libffi-dev python-dev


sudo yum install gcc libffi-devel python-devel openssl-devel

Wow, thanks for the super fast response. I tried your suggestion and here’s the output;

sudo yum install gcc libffi-devel python-devel openssl-devel
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest | 2.1 kB 00:00
amzn-updates/latest | 2.3 kB 00:00
Package gcc-4.8.3-3.20.amzn1.noarch already installed and latest version
Package libffi-devel-3.0.13-11.4.amzn1.x86_64 already installed and latest version
Package python26-devel-2.6.9-2.83.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.1k-13.88.amzn1.x86_64 already installed and latest version
Nothing to do

Unfortunately, the ImportError continues the same.

interesting, what version of python are you using ?

$ python --version
Python 2.7.10

I haven’t got a similar system to test, and can’t see any other obvious errors. Hopefully someone else will be along shortly who can help.

I’m assuming you are on Amazon (from the amzn ), which has given a few issues, but I don’t recall seeing one like this ( nor could I find one in search)

The other slightly off thing I find is that you got “Package python26-devel-2.6.9-2.83.amzn1.x86_64 already installed and latest version” yet are running Python 2.7.10 …

Thanks, I really appreciate you taking a look at it for me. I am on Amazon which is why I’ve been using the “manual” method. And yes, I agree, it definitely looks odd. There is a python27-devel package that can be installed, but the command sudo yum install gcc libffi-devel python-devel openssl-devel always wants to install the python26-devel package.

This may help define why Amazon support is still buggy? :wink:

Thanks again

You’re Welcome :slight_smile: It may be worth looking at other clients - I use acme-tiny on a number of servers.

Not to hijack the thread but did anyone ever figure out the issue with this? My company is attempting to try and use letsencrypt but we use aws linux on nearly everything and are running into the same issue.

Thanks for your time.

Have you tried using pypi to install letsencrypt?

pip install letsencrypt

I didn’t resolve this Python issue however, I was able to successfully use the LetsEncrypt software. I used a Vagrant and a plain vanilla setup of Centos 6.7 since that’s what I’m familiar with. The software ran fine and I used it in “certonly” and “manual” mode. You have to follow the instructions to create the file on your web server that the software wants to examine for validation but once you do that it created the certificates I needed which I then uploaded to AWS Key Store and used to setup my AWS Load Balancer. It worked just like a champ. I’ll be working on finding a good automation approach as my method involves several manual steps but so far so good. My certs work just fine. Hopefully that will help Treadstone" get setup. And thanks StopSpazzing for the recommendation, I’ll give “pypi” a shot as I work through automating the process. Happy Holidays everyone.

1 Like

Refer to this here close to the end