[Solved] Use fail: library has no ciphers

I'm completely new to this. Obtained the program with git, then ran the following command. Everything is a bit opaque, so not sure what's what.

Command:

./letsencrypt-auto certonly --webroot -w /mnt/web-sites/landing -d rdmp.org -d www.rdmp.org

Output:

An unexpected error occurred:
Error: [('SSL routines', 'SSL_CIPHER_STRENGTH_SORT', 'malloc failure'), ('SSL routines', 'SSL_CTX_new', 'library has no ciphers')]

Log:

2016-02-28 11:56:42,360:DEBUG:letsencrypt.cli:Root logging level set at 30
2016-02-28 11:56:42,469:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-02-28 11:56:42,469:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.0
2016-02-28 11:56:42,470:DEBUG:letsencrypt.cli:Arguments: ['--no-self-upgrade', '--agree-dev-preview', '--webroot', '-w', '/mnt/web-sites/landing', '-d', 'rdmp.org', '-d', 'www.rdmp.org', '--server', 'https://acme-v01.api.letsencrypt.org/directory']
2016-02-28 11:56:42,470:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-02-28 11:56:42,713:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
2016-02-28 11:56:42,716:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /mnt/web-sites/landing/.well-known/acme-challenge
2016-02-28 11:56:42,716:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /mnt/web-sites/landing/.well-known/acme-challenge
2016-02-28 11:56:42,716:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot
Description: Webroot Authenticator
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x99530ac>
Prep: True
2016-02-28 11:56:42,717:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x99530ac> and installer None
2016-02-28 11:57:20,156:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-02-28 11:57:20,163:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-02-28 11:57:20,268:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 9, in
load_entry_point('letsencrypt==0.4.0', 'console_scripts', 'letsencrypt')()
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py", line 1987, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py", line 690, in obtain_cert
le_client = _init_le_client(config, authenticator, installer)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py", line 206, in _init_le_client
acc, acme = _determine_account(config)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py", line 191, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/client.py", line 116, in register
acme = acme_from_config_key(config, key)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/client.py", line 41, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py", line 63, in init
self.net.get(directory).json())
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py", line 619, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py", line 601, in _send_request
response = requests.request(method, url, *args, **kwargs)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/adapters.py", line 376, in send
timeout=timeout
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py", line 559, in urlopen
body=body, headers=headers)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
self._validate_conn(conn)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py", line 784, in _validate_conn
conn.connect()
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/packages/urllib3/connection.py", line 252, in connect
ssl_version=resolved_ssl_version)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 272, in ssl_wrap_socket
ctx = OpenSSL.SSL.Context(_openssl_versions[ssl_version])
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/OpenSSL/SSL.py", line 478, in init
_raise_current_error()
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
raise exception_type(errors)
Error: [('SSL routines', 'SSL_CIPHER_STRENGTH_SORT', 'malloc failure'), ('SSL routines', 'SSL_CTX_new', 'library has no ciphers')]

What OS/version are you using?

Were there any errors when you first ran ./letsencrypt-auto, while it was installing dependencies?
If you don’t have that output anymore, run rm -rf ~/.local/share/letsencrypt/ and then execute ./letsencrypt-auto again and post the output here.

This was the first run. There were no errors installing dependencies. After that, it asked for my e-mail address in a curses box, and then the error occurred shortly afterwards. I have since run the command

openssl ciphers

on the command line, and do get a valid list of them.

OS is a Debian squeeze/wheezy hybrid.

The first line of your output after the first run should be something like Bootstrapping dependencies for Debian-based OSes, followed by some apt- and pip-output. Curses dialogs sometimes mess with previous output with certain SSH clients, maybe you have more luck if you follow the steps above and add --text to your ./letsencrypt-auto invocation.

This sounds like it could trip up the dependency installation process. I'm not sure if it's feasible to support this.

Okay, the problem was my twisted system, and in particular an old python 2.6 miscommunicating with a brand-new openssl library. I spotted this by following the advice above and reading carefully through the on-screen messages.

In the end I used acme_tiny.py to do the job, which, TBH, I wish I’d used in the first place; I’m sure all sysadmins would prefer this specific, minimal, verifiable tool to that big flabby system sledgehammer that is the letsencrypt program.

None of which is to detract from the letsencrypt service, which is phenomenal! Well done and thank you very much.

1 Like