Suddenly stopped running on Amazon Linux [solved]

thefalken · December 16, 2015, 11:50am

I just went back to an EC2 instance that has worked in the past, and now it throws this when running letsencrypt-auto:

Traceback (most recent call last):
  File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
    from letsencrypt.cli import main
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/cli.py", line 17, in <module>
    import OpenSSL
  File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/rand.py", line 11, in <module>
    from OpenSSL._util import (
  File "/home/ec2-user/.local/share/letsencrypt/local/lib64/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

I tried

 /home/ec2-user/.local/share/letsencrypt/bin/pip install cryptography

which said it was “Running setup.py for cryptograpy” but letsencrypt-auto still fails with the same stack. The package looks to be installed:

#ls /home/ec2-user/.local/share/letsencrypt/lib64/python2.7/dist-packages/cryptography/hazmat/bindings/openssl/
binding.py  binding.pyc  _conditional.py  _conditional.pyc  __init__.py  __init__.pyc

thefalken · December 16, 2015, 12:08pm

If I do
# /home/ec2-user/.local/share/letsencrypt/bin/pip install pyOpenSSL==0.14
(based on pip install error on Ubuntu due to pyOpenSSL breaking change · Issue #557 · mitmproxy/mitmproxy · GitHub) then the error changes to

File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
from letsencrypt.cli import main
File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/cli.py", line 17, in <module>
import OpenSSL
ImportError: No module named OpenSSL

which makes me think something is out of sync.

thefalken · December 16, 2015, 12:12pm

Removing /home/ec2-user/.local/share/letsencrypt/ and trying again doesn’t get any further.

# /home/ec2-user/.local/share/letsencrypt/bin/pip list
acme (0.1.1)
ConfigArgParse (0.10.0)
configobj (5.0.6)
enum34 (1.1.1)
funcsigs (0.4)
idna (2.0)
ipaddress (1.0.15)
letsencrypt (0.1.1)
letsencrypt-apache (0.1.1)
mock (1.3.0)
ndg-httpsclient (0.4.0)
parsedatetime (1.5)
pbr (1.8.1)
pip (7.1.2)
pyasn1 (0.1.9)
pycparser (2.14)
python-augeas (0.5.0)
python2-pythondialog (3.3.0)
pytz (2015.7)
requests (2.9.0)
setuptools (19.0)
six (1.10.0)
zope.component (4.2.2)
zope.event (4.1.0)

thefalken · December 16, 2015, 12:20pm

Even after

$VENV_BIN/pip install pyOpenSSL
$VENV_BIN/pip install cryptography
virtualenv --no-site-packages --python /usr/bin/python27 $VENV_PATH

I can’t get cryptography to show up in

/home/ec2-user/.local/share/letsencrypt/bin/pip list

Confused.

thefalken · December 16, 2015, 12:41pm

Fixed it:

sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install cyrptography
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install interface
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install pyrfc3339
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install werkzeug
sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install psutil

alexduros · March 15, 2016, 4:47pm

Just need to replace the typo on cryptography ;), but this definitely solves the problem on Amazon Linux

sudo /home/ec2-user/.local/share/letsencrypt/bin/pip install cryptography

tobiasmcnulty · June 27, 2016, 2:22am

FYI, the following (without any of the above) fixed this error for me:

sudo pip install -U pip virtualenv

This places pip in a different location (/usr/local/bin/pip), I think, but as long as this is in your path, you should be fine.

KnBrckr · March 6, 2018, 7:58pm

pip install -U pip virtualenv did not work for me.

I did use the 5 installs listed above, PLUS in lib64/python2.7 directory I had to remove the empty site-packages directory and softlink it to dist-packages. Once done, all worked.

gmorten1 · March 8, 2018, 4:01pm

many thanks! my certbot-auto on amazon linux just randomly stopped working today (weird because i haven’t done any package updates), and your symlink from dist-packages to site-packages fixed it.

now the question is, is this going to happen every time certbot-auto tries to upgrade itself? is there a better way to install/maintain certbot on amazon linux? i use the certbot package from epel on centos6 and centos7, is this known to work on amazon linux?

system · April 7, 2018, 4:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.