So what’s with these insecureplatform warnings and ImportError: /home/xxx/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: X509_VERIFY_PARAM_set1_ip_asc error? i cannot even do anything with letsencrypt auto because whenever i run it i see these error and letsencrypt-auto just shuts itself.
I am running:
OS: Ubuntu 14.04 with nginx
Have both ipv4 and ipv6
Was successfull running it first time but had to install pip with these other module to fix insecureplatformwarning but it came back again and now letsencrypt-auto doesn’t even work no more
I have the same error now as i wanted to update my certificates.
I updated the local git (git pull) and even tried to remove the /root/.local/share/letsencrypt folder. Nothing helped so i checked the corresponding _openssl.so (nm -g _openssl.so) and the symbol X509_VERIFY_PARAM_set1_ip_asc is there.
Does anyone has an idea why this is happening?
By the way 2 1/2 months while creating and installing i didn’t had the problem, is it maybe corresponding to my local openSSL version (1.0.2f)?
@andreas-wagner: Can you tell us more detail about how you set up the server? Is it AWS, DigitalOcean, etc? If so, what’s the name of the image you used?
To all in this thread: How long has your server been running / when was the last time you ran letsencrypt? Have you run OS upgrades during that time? I’m wondering if it may be that letsencrypt installed bindings a while ago that went out of date with an OS upgrade.
The best explanation I can give is that you’re linking against a different openssl.so than the openssl.h you compiled against.
X509_VERIFY_PARAM_set1_ip_asc was added in OpenSSL 1.0.2 so if you have headers in your compilation path for 1.0.2 but link/dynamically load 1.0.1 or older you'd see this
Ok, here is how i solved it.
I had to downgrade my openssl installation from 1.0.2g to 1.0.1s and everything worked as expected.
But yeah, that’s kinda awkward cause i need the 1.0.2 (cause of special curves) on my server, so i first had to downgrade and then upgrade afterwards again.