Python Requests Library Not Completing HTTPs Connections

Because the topic was closed and it is not possible to reply to it, and the problem still persist, i open it as new topic.

root@server07:~/ssl# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:        16.04
Codename:       xenial

letsencrypt certonly -a webroot --webroot-path /mypath -d mydomain

returns

https://acme-v01.api.letsencrypt.org/directory
JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x7fe7ceb206d0>)>)
<acme.client.ClientNetwork object at 0x7fe7ceaf6050>
An unexpected error occurred:
SSLError: [X509] PEM lib (_ssl.c:2831)
Please see the logfiles in /var/log/letsencrypt for more details.

Any help how not to use option to skip ssl verification is appreciated.

can you please post the contents of the log file?

should help with whats causing the issues

2017-03-27 19:43:45,557:DEBUG:letsencrypt.cli:Root logging level set at 30
2017-03-27 19:43:45,558:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-03-27 19:43:45,559:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1
2017-03-27 19:43:45,559:DEBUG:letsencrypt.cli:Arguments: ['-a', 'webroot', '--webroot-path', '/myprojectdir/htdocs', '-d', 'www.mydomain.com', '-d', 'sk.mydomain.com', '-d', 'mydomain.com']
2017-03-27 19:43:45,559:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-03-27 19:43:45,563:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None
2017-03-27 19:43:45,564:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /myprojectdir/htdocs/.well-known/acme-challenge
2017-03-27 19:43:45,564:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /myprojectdir/htdocs/.well-known/acme-challenge
2017-03-27 19:43:45,564:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /myprojectdir/htdocs/.well-known/acme-challenge
2017-03-27 19:43:45,564:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot
Description: Webroot Authenticator
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7f72693525d0>
Prep: True
2017-03-27 19:43:45,565:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7f72693525d0> and installer None
2017-03-27 19:44:04,330:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-03-27 19:44:04,399:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-03-27 19:44:04,632:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')()
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 689, in obtain_cert
    le_client = _init_le_client(config, authenticator, installer)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 206, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 191, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 121, in register
    acme = acme_from_config_key(config, key)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 46, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 627, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 609, in _send_request
    response = requests.request(method, url, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
SSLError: [X509] PEM lib (_ssl.c:2831)

Hi @scholtz

I have had a look at your last post and you seemed to have made a small mistake in your testing

certbot uses urllib3 and you tested with urllib2.

2017-03-27 19:44:04,399:INFO:requests.packages.urllib3.connectionpool:Starting new

how i would fix this

A) create a virtual environment (are you running python 2.7 or 3.x or both?)
B) run pip-install certbot in your virtual environment
C) run certbot command see if issue persists

My suspicion is pything library corruption is the culrpit and testing in a virtual environment will not affect your OS python configs

Andrei

Hi @scholtz

A bit more information:

I use Windows but the concept is the same.

Note certbot is now on version 12 or 13 I just haven’t updated that virtual environment.

Andrei

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.