I just went back to an EC2 instance that has worked in the past, and now it throws this when running letsencrypt-auto:
Traceback (most recent call last):
File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
from letsencrypt.cli import main
File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/cli.py", line 17, in <module>
import OpenSSL
File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/rand.py", line 11, in <module>
from OpenSSL._util import (
File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding
I tried
/home/ec2-user/.local/share/letsencrypt/bin/pip install cryptography
which said it was “Running setup.py for cryptograpy” but letsencrypt-auto still fails with the same stack. The package looks to be installed:
#ls /home/ec2-user/.local/share/letsencrypt/lib64/python2.7/dist-packages/cryptography/hazmat/bindings/openssl/
binding.py binding.pyc _conditional.py _conditional.pyc __init__.py __init__.pyc
If I do
# /home/ec2-user/.local/share/letsencrypt/bin/pip install pyOpenSSL==0.14
(based on pip install error on Ubuntu due to pyOpenSSL breaking change · Issue #557 · mitmproxy/mitmproxy · GitHub) then the error changes to
File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
from letsencrypt.cli import main
File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/cli.py", line 17, in <module>
import OpenSSL
ImportError: No module named OpenSSL
which makes me think something is out of sync.
Removing /home/ec2-user/.local/share/letsencrypt/ and trying again doesn’t get any further.
# /home/ec2-user/.local/share/letsencrypt/bin/pip list
acme (0.1.1)
ConfigArgParse (0.10.0)
configobj (5.0.6)
enum34 (1.1.1)
funcsigs (0.4)
idna (2.0)
ipaddress (1.0.15)
letsencrypt (0.1.1)
letsencrypt-apache (0.1.1)
mock (1.3.0)
ndg-httpsclient (0.4.0)
parsedatetime (1.5)
pbr (1.8.1)
pip (7.1.2)
pyasn1 (0.1.9)
pycparser (2.14)
python-augeas (0.5.0)
python2-pythondialog (3.3.0)
pytz (2015.7)
requests (2.9.0)
setuptools (19.0)
six (1.10.0)
zope.component (4.2.2)
zope.event (4.1.0)
Even after
$VENV_BIN/pip install pyOpenSSL
$VENV_BIN/pip install cryptography
virtualenv --no-site-packages --python /usr/bin/python27 $VENV_PATH
I can’t get cryptography to show up in
/home/ec2-user/.local/share/letsencrypt/bin/pip list
Confused.
Fixed it:
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install cyrptography
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install interface
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install pyrfc3339
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install werkzeug
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install psutil
Just need to replace the typo on cryptography ;), but this definitely solves the problem on Amazon Linux
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install cryptography
FYI, the following (without any of the above) fixed this error for me:
sudo pip install -U pip virtualenv
This places pip in a different location (/usr/local/bin/pip), I think, but as long as this is in your path, you should be fine.
pip install -U pip virtualenv did not work for me.
I did use the 5 installs listed above, PLUS in lib64/python2.7 directory I had to remove the empty site-packages directory and softlink it to dist-packages. Once done, all worked.
many thanks! my certbot-auto on amazon linux just randomly stopped working today (weird because i haven’t done any package updates), and your symlink from dist-packages to site-packages fixed it.
now the question is, is this going to happen every time certbot-auto tries to upgrade itself? is there a better way to install/maintain certbot on amazon linux? i use the certbot package from epel on centos6 and centos7, is this known to work on amazon linux?