I am running an Amazon Linux host, and got it running fine. Then earlier this week I did an update to my GIT repo, and suddenly I can’t create certificates any more. I have both Python 2.6 and 2.7 installed, and the default points to 2.6.
Usually I run this as a normal user account, but I ran this as root in a scratch environment to ensure there’s no issues with permissions.
Using the amazonlinux branch I got an error importing OpenSSL:
Creating virtual environment... Updating letsencrypt and virtual environment dependencies....... Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --debug Traceback (most recent call last): File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module> from letsencrypt.cli import main File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/cli.py", line 21, in <module> import OpenSSL ImportError: No module named OpenSSL
This I fixed easily with
/root/.local/share/letsencrypt/bin/pip install pyOpenSSL
Next, I get this error:
Updating letsencrypt and virtual environment dependencies....... Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --debug Traceback (most recent call last): File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module> from letsencrypt.cli import main File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/cli.py", line 21, in <module> import OpenSSL File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import rand, crypto, SSL File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in <module> from OpenSSL._util import ( File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding ImportError: No module named cryptography.hazmat.bindings.openssl.binding
I did a pip install cryptography, but that didn’t solve the issue. Eventually I noticed that some modules are detected by pip, but cffi and cryptography are always recompiled. Digging into the issue, I saw these modules are installed in
while all the others are in
I decided to see what sys.path in python looks like and got the following:
'/root/.local/share/letsencrypt/bin' '/root/.local/share/letsencrypt/local/lib64/python2.7/site-packages' '/root/.local/share/letsencrypt/local/lib/python2.7/site-packages' '/root/.local/share/letsencrypt/lib64/python2.7' '/root/.local/share/letsencrypt/lib/python2.7' '/root/.local/share/letsencrypt/lib64/python2.7/site-packages' '/root/.local/share/letsencrypt/lib/python2.7/site-packages' '/root/.local/share/letsencrypt/lib64/python2.7/lib-dynload' '/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages' '/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages' '/root/.local/share/letsencrypt/lib/python2.7/dist-packages' '/usr/lib64/python2.7' '/usr/lib/python2.7'
That would explain why it’s not picked up, as Python is not looking in the correct path.
I decided to trash my repository and virtual environment and rebuild them from the Master branch. However, I got the same issue there as well. I had a look at site.py in the repository, but I am not enough of a Python expert to put the right path in the right place.
I also tried to copy the files from lib64/dist-packages to lib/dist-packages, but it seems letsencrypt-auto removes them again.
I am not entirely sure if this is an issue with Amazon Linux or with the site.py in the repository. What would be the best way to find the issue here?