Suddenly stopped running on Amazon Linux [solved]


I just went back to an EC2 instance that has worked in the past, and now it throws this when running letsencrypt-auto:

Traceback (most recent call last):
  File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
    from letsencrypt.cli import main
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/", line 17, in <module>
    import OpenSSL
  File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/", line 11, in <module>
    from OpenSSL._util import (
  File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

I tried

 /home/ec2-user/.local/share/letsencrypt/bin/pip install cryptography

which said it was “Running for cryptograpy” but letsencrypt-auto still fails with the same stack. The package looks to be installed:

#ls /home/ec2-user/.local/share/letsencrypt/lib64/python2.7/dist-packages/cryptography/hazmat/bindings/openssl/  binding.pyc  _conditional.pyc  __init__.pyc

Installation hangs at "Running install for cryptography"

If I do
# /home/ec2-user/.local/share/letsencrypt/bin/pip install pyOpenSSL==0.14
(based on then the error changes to

File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
from letsencrypt.cli import main
File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/", line 17, in <module>
import OpenSSL
ImportError: No module named OpenSSL

which makes me think something is out of sync.


Removing /home/ec2-user/.local/share/letsencrypt/ and trying again doesn’t get any further.

# /home/ec2-user/.local/share/letsencrypt/bin/pip list
acme (0.1.1)
ConfigArgParse (0.10.0)
configobj (5.0.6)
enum34 (1.1.1)
funcsigs (0.4)
idna (2.0)
ipaddress (1.0.15)
letsencrypt (0.1.1)
letsencrypt-apache (0.1.1)
mock (1.3.0)
ndg-httpsclient (0.4.0)
parsedatetime (1.5)
pbr (1.8.1)
pip (7.1.2)
pyasn1 (0.1.9)
pycparser (2.14)
python-augeas (0.5.0)
python2-pythondialog (3.3.0)
pytz (2015.7)
requests (2.9.0)
setuptools (19.0)
six (1.10.0)
zope.component (4.2.2)
zope.event (4.1.0)


Even after

$VENV_BIN/pip install pyOpenSSL
$VENV_BIN/pip install cryptography
virtualenv --no-site-packages --python /usr/bin/python27 $VENV_PATH

I can’t get cryptography to show up in

/home/ec2-user/.local/share/letsencrypt/bin/pip list



Fixed it:

sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install cyrptography
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install interface
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install pyrfc3339
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install werkzeug
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install psutil

Problem when using ./certbot-auto

Just need to replace the typo on cryptography ;), but this definitely solves the problem on Amazon Linux

sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install cryptography


FYI, the following (without any of the above) fixed this error for me:

sudo pip install -U pip virtualenv

This places pip in a different location (/usr/local/bin/pip), I think, but as long as this is in your path, you should be fine.


pip install -U pip virtualenv did not work for me.

I did use the 5 installs listed above, PLUS in lib64/python2.7 directory I had to remove the empty site-packages directory and softlink it to dist-packages. Once done, all worked.


many thanks! my certbot-auto on amazon linux just randomly stopped working today (weird because i haven’t done any package updates), and your symlink from dist-packages to site-packages fixed it.

now the question is, is this going to happen every time certbot-auto tries to upgrade itself? is there a better way to install/maintain certbot on amazon linux? i use the certbot package from epel on centos6 and centos7, is this known to work on amazon linux?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.