Python Requests Library Not Completing HTTPs Connections


#1

Because the topic was closed and it is not possible to reply to it, and the problem still persist, i open it as new topic.

root@server07:~/ssl# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:        16.04
Codename:       xenial

letsencrypt certonly -a webroot --webroot-path /mypath -d mydomain

returns

https://acme-v01.api.letsencrypt.org/directory
JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x7fe7ceb206d0>)>)
<acme.client.ClientNetwork object at 0x7fe7ceaf6050>
An unexpected error occurred:
SSLError: [X509] PEM lib (_ssl.c:2831)
Please see the logfiles in /var/log/letsencrypt for more details.

Any help how not to use option to skip ssl verification is appreciated.


#2

can you please post the contents of the log file?

should help with whats causing the issues


#3
2017-03-27 19:43:45,557:DEBUG:letsencrypt.cli:Root logging level set at 30
2017-03-27 19:43:45,558:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-03-27 19:43:45,559:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1
2017-03-27 19:43:45,559:DEBUG:letsencrypt.cli:Arguments: ['-a', 'webroot', '--webroot-path', '/myprojectdir/htdocs', '-d', 'www.mydomain.com', '-d', 'sk.mydomain.com', '-d', 'mydomain.com']
2017-03-27 19:43:45,559:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-03-27 19:43:45,563:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
2017-03-27 19:43:45,564:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /myprojectdir/htdocs/.well-known/acme-challenge
2017-03-27 19:43:45,564:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /myprojectdir/htdocs/.well-known/acme-challenge
2017-03-27 19:43:45,564:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /myprojectdir/htdocs/.well-known/acme-challenge
2017-03-27 19:43:45,564:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot
Description: Webroot Authenticator
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7f72693525d0>
Prep: True
2017-03-27 19:43:45,565:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7f72693525d0> and installer None
2017-03-27 19:44:04,330:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-03-27 19:44:04,399:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-27 19:44:04,632:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')()
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 689, in obtain_cert
    le_client = _init_le_client(config, authenticator, installer)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 206, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 191, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 121, in register
    acme = acme_from_config_key(config, key)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 46, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 627, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 609, in _send_request
    response = requests.request(method, url, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
SSLError: [X509] PEM lib (_ssl.c:2831)

#4

Hi @scholtz

I have had a look at your last post and you seemed to have made a small mistake in your testing

certbot uses urllib3 and you tested with urllib2.

2017-03-27 19:44:04,399:INFO:requests.packages.urllib3.connectionpool:Starting new

how i would fix this

A) create a virtual environment (are you running python 2.7 or 3.x or both?)
B) run pip-install certbot in your virtual environment
C) run certbot command see if issue persists

My suspicion is pything library corruption is the culrpit and testing in a virtual environment will not affect your OS python configs

Andrei


#5

Hi @scholtz

A bit more information:

I use Windows but the concept is the same.

Note certbot is now on version 12 or 13 I just haven’t updated that virtual environment.

Andrei


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.