Undefined symbol: X509_VERIFY_PARAM_set1_ip_asc


So what’s with these insecureplatform warnings and ImportError: /home/xxx/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: X509_VERIFY_PARAM_set1_ip_asc error? i cannot even do anything with letsencrypt auto because whenever i run it i see these error and letsencrypt-auto just shuts itself.

I am running:
OS: Ubuntu 14.04 with nginx
Have both ipv4 and ipv6
Was successfull running it first time but had to install pip with these other module to fix insecureplatformwarning but it came back again and now letsencrypt-auto doesn’t even work no more


I have the same error now as i wanted to update my certificates.

I updated the local git (git pull) and even tried to remove the /root/.local/share/letsencrypt folder. Nothing helped so i checked the corresponding _openssl.so (nm -g _openssl.so) and the symbol X509_VERIFY_PARAM_set1_ip_asc is there.

Does anyone has an idea why this is happening?

By the way 2 1/2 months while creating and installing i didn’t had the problem, is it maybe corresponding to my local openSSL version (1.0.2f)?


Same error here on Ubuntu 10.04 LTS with OpenSSL 1.0.2f as well…

This is a fresh unpolluted server install, so I am using the newest client and there are no dead config files or anything like that.


@andreas-wagner: Can you tell us more detail about how you set up the server? Is it AWS, DigitalOcean, etc? If so, what’s the name of the image you used?

To all in this thread: How long has your server been running / when was the last time you ran letsencrypt? Have you run OS upgrades during that time? I’m wondering if it may be that letsencrypt installed bindings a while ago that went out of date with an OS upgrade.



Some advice I got from friends:

The best explanation I can give is that you’re linking against a different openssl.so than the openssl.h you compiled against.
X509_VERIFY_PARAM_set1_ip_asc was added in OpenSSL 1.0.2 so if you have headers in your compilation path for 1.0.2 but link/dynamically load 1.0.1 or older you’d see this


I’m stuck with the same error, first run of letsencrypt-auto on Debian 7.9, OpenSSL 1.0.1e, Python 2.7.3

nm -g /root/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so | grep X509_VERIFY_PARAM_set1_ip_asc

U X509_VERIFY_PARAM_set1_ip_asc


Ok, here is how i solved it.
I had to downgrade my openssl installation from 1.0.2g to 1.0.1s and everything worked as expected.

But yeah, that’s kinda awkward cause i need the 1.0.2 (cause of special curves) on my server, so i first had to downgrade and then upgrade afterwards again.


I solved it by just formatting the whole server and reinstalling everything again… I do want a fix for this … @jsha


can u explain where to find the wrong linking ?