Renew Error:No module named cryptography.hazmat.bindings.openssl.binding

I do the force renewal for the certificate but I get the error as shown below. Can anyone help? Thanks.

letsencrypt]$ ./letsencrypt-auto --force-renewal
Requesting to rerun ./letsencrypt-auto with root privileges…
Error: couldn’t get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 7, in
from certbot.main import main
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py”, line 10, in
import josepy as jose
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/init.py”, line 41, in
from josepy.interfaces import JSONDeSerializable
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py”, line 8, in
from josepy import errors, util
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py”, line 4, in
import OpenSSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/init.py”, line 8, in
from OpenSSL import rand, crypto, SSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py”, line 12, in
from OpenSSL._util import (
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py”, line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

Have you tried running with sudo?

Hi Jared.m, it didn’t work.

Hm, well, letsencrypt-auto is a really old name for certbot-auto. You might try installing a newer version. It’s not unreasonable to suspect that you might be having obsolescence issues.

That should be fine, probably. Regardless of the executable’s name, the use of “/opt/eff.org/certbot/” shows that certbot-auto has successfully updated itself to a fairly recent version.

It’s probably an old install that has updated itself to the current version over time.

I don’t know what’s going wrong.

Edit:

@bv1, could you answer the questions below?

Including what happened when you ran it with sudo.

It sounds like a known compatibility issue with Amazon Linux, that has a number of hacky workarounds, but not an official fix yet.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Although using this name is a sign of following an out-of-date tutorial or other out-of-date documentation, the letsencrypt-auto updater still continues to update to the newest Certbot release, even today.

Hello All, I did the sudo and the result was exactly the same as I post it in the question asking to solve the issue. It did not work.

I found the solution. The problem is solved. I got the certificate renew.

The solution steps:

1. Install the cryptography: pip install cryptography
2. In Lib64, link dist-packages to site-package of python2.7: ln -s dist-packages site-pagages
3. Run renew with letsencrypt-auto or certbot-auto

Thanks to Jared.m, monodoff, schoen.
Cheers

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.