Update Centos 6 and auto-bot stop working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
Have several domains on the host:
www.openfactware.com
pideya.for-some.biz
agileleader.linkpc.net

I ran this command:
/certbot-auto certonly --standalone --preferred-challenges http-01 -d pideya.for-some.biz
It produced this output:

My web server is (include version):
Apache 2.2 behind haproxy
The operating system my web server runs on is (include version):
Centos 6
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I downloadedthe last from site today.

And i got this output
build/temp.linux-i686-3.4/_openssl.c: In function ‘cffi_d_EVP_PKEY_new_raw public_key’:
build/temp.linux-i686-3.4/_openssl.c:24029:3: warning: implicit declaration of function ‘EVP_PKEY_new_raw_public_key’ [-Wimplicit-function-declaration]
return EVP_PKEY_new_raw_public_key(x0, x1, x2, x3);
^
build/temp.linux-i686-3.4/_openssl.c:24029:3: warning: return makes pointer from integer without a cast [enabled by default]
build/temp.linux-i686-3.4/_openssl.c: In function ‘cffi_f_EVP_PKEY_new_raw public_key’:
build/temp.linux-i686-3.4/_openssl.c:24081:12: warning: assignment makes poi nter from integer without a cast [enabled by default]
{ result = EVP_PKEY_new_raw_public_key(x0, x1, x2, x3); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_OCSP_resp_get0_ce rts’:
build/temp.linux-i686-3.4/_openssl.c:28227:3: warning: return discards ‘cons t’ qualifier from pointer target type [enabled by default]
return OCSP_resp_get0_certs(x0);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_OCSP_resp_get0_ce rts’:
build/temp.linux-i686-3.4/_openssl.c:28250:12: warning: assignment discards ‘const’ qualifier from pointer target type [enabled by default]
{ result = OCSP_resp_get0_certs(x0); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_OCSP_resp_get0_re spdata’:
build/temp.linux-i686-3.4/_openssl.c:28365:3: warning: implicit declaration of function ‘OCSP_resp_get0_respdata’ [-Wimplicit-function-declaration]
return OCSP_resp_get0_respdata(x0);
^
build/temp.linux-i686-3.4/_openssl.c:28365:3: warning: return makes pointer from integer without a cast [enabled by default]
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_OCSP_resp_get0_re spdata’:
build/temp.linux-i686-3.4/_openssl.c:28388:12: warning: assignment makes poi nter from integer without a cast [enabled by default]
{ result = OCSP_resp_get0_respdata(x0); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_OCSP_resp_get0_tb s_sigalg’:
build/temp.linux-i686-3.4/_openssl.c:28437:3: warning: implicit declaration of function ‘OCSP_resp_get0_tbs_sigalg’ [-Wimplicit-function-declaration]
return OCSP_resp_get0_tbs_sigalg(x0);
^
build/temp.linux-i686-3.4/_openssl.c:28437:3: warning: return makes pointer from integer without a cast [enabled by default]
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_OCSP_resp_get0_tb s_sigalg’:
build/temp.linux-i686-3.4/_openssl.c:28460:12: warning: assignment makes poi nter from integer without a cast [enabled by default]
{ result = OCSP_resp_get0_tbs_sigalg(x0); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_OPENSSL_config’:
build/temp.linux-i686-3.4/_openssl.c:28707:3: warning: ‘OPENSSL_config’ is d eprecated (declared at /usr/local/include/openssl/conf.h:92) [-Wdeprecated-decla rations]
OPENSSL_config(x0);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_OPENSSL_config’:
build/temp.linux-i686-3.4/_openssl.c:28729:3: warning: ‘OPENSSL_config’ is d eprecated (declared at /usr/local/include/openssl/conf.h:92) [-Wdeprecated-decla rations]
{ OPENSSL_config(x0); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_CTX_set_ciphe rsuites’:
build/temp.linux-i686-3.4/_openssl.c:36104:3: warning: implicit declaration of function ‘SSL_CTX_set_ciphersuites’ [-Wimplicit-function-declaration]
return SSL_CTX_set_ciphersuites(x0, x1);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_CTX_set_max_e arly_data’:
build/temp.linux-i686-3.4/_openssl.c:36542:3: warning: implicit declaration of function ‘SSL_CTX_set_max_early_data’ [-Wimplicit-function-declaration]
return SSL_CTX_set_max_early_data(x0, x1);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_CTX_set_mode’ :
build/temp.linux-i686-3.4/_openssl.c:36588:3: warning: conversion to ‘long i nt’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversio n]
return SSL_CTX_set_mode(x0, x1);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_SSL_CTX_set_mode’ :
build/temp.linux-i686-3.4/_openssl.c:36621:3: warning: conversion to ‘long i nt’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversio n]
{ result = SSL_CTX_set_mode(x0, x1); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘cffi_d_SSL_CTX_set_post handshake_auth’:
build/temp.linux-i686-3.4/_openssl.c:36798:3: warning: implicit declaration of function ‘SSL_CTX_set_post_handshake_auth’ [-Wimplicit-function-declaration]
SSL_CTX_set_post_handshake_auth(x0, x1);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_CTX_set_sessi on_cache_mode’:
build/temp.linux-i686-3.4/_openssl.c:36982:3: warning: conversion to ‘long i nt’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversio n]
return SSL_CTX_set_session_cache_mode(x0, x1);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_SSL_CTX_set_sessi on_cache_mode’:
build/temp.linux-i686-3.4/_openssl.c:37015:3: warning: conversion to ‘long i nt’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversio n]
{ result = SSL_CTX_set_session_cache_mode(x0, x1); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_SESSION_get_m ax_early_data’:
build/temp.linux-i686-3.4/_openssl.c:38190:3: warning: implicit declaration of function ‘SSL_SESSION_get_max_early_data’ [-Wimplicit-function-declaration]
return SSL_SESSION_get_max_early_data(x0);
^
build/temp.linux-i686-3.4/_openssl.c:38190:40: warning: conversion to ‘uint3 2_t’ from ‘int’ may change the sign of the result [-Wsign-conversion]
return SSL_SESSION_get_max_early_data(x0);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_SSL_SESSION_get_m ax_early_data’:
build/temp.linux-i686-3.4/_openssl.c:38213:44: warning: conversion to ‘uint3 2_t’ from ‘int’ may change the sign of the result [-Wsign-conversion]
{ result = SSL_SESSION_get_max_early_data(x0); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_SESSION_get_t icket_lifetime_hint’:
build/temp.linux-i686-3.4/_openssl.c:38226:46: warning: conversion to ‘long int’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversi on]
return SSL_SESSION_get_ticket_lifetime_hint(x0);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_SSL_SESSION_get_t icket_lifetime_hint’:
build/temp.linux-i686-3.4/_openssl.c:38249:50: warning: conversion to ‘long int’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversi on]
{ result = SSL_SESSION_get_ticket_lifetime_hint(x0); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_read_early_da ta’:
build/temp.linux-i686-3.4/_openssl.c:40773:3: warning: implicit declaration of function ‘SSL_read_early_data’ [-Wimplicit-function-declaration]
return SSL_read_early_data(x0, x1, x2, x3);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_set_mode’:
build/temp.linux-i686-3.4/_openssl.c:41557:3: warning: conversion to ‘long i nt’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversio n]
return SSL_set_mode(x0, x1);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_SSL_set_mode’:
build/temp.linux-i686-3.4/_openssl.c:41590:3: warning: conversion to ‘long i nt’ from ‘long unsigned int’ may change the sign of the result [-Wsign-conversio n]
{ result = SSL_set_mode(x0, x1); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_set_post_hand shake_auth’:
build/temp.linux-i686-3.4/_openssl.c:41649:3: warning: implicit declaration of function ‘SSL_set_post_handshake_auth’ [-Wimplicit-function-declaration]
SSL_set_post_handshake_auth(x0, x1);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_verify_client _post_handshake’:
build/temp.linux-i686-3.4/_openssl.c:42605:3: warning: implicit declaration of function ‘SSL_verify_client_post_handshake’ [-Wimplicit-function-declaration]
return SSL_verify_client_post_handshake(x0);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_SSL_write_early_d ata’:
build/temp.linux-i686-3.4/_openssl.c:42808:3: warning: implicit declaration of function ‘SSL_write_early_data’ [-Wimplicit-function-declaration]
return SSL_write_early_data(x0, x1, x2, x3);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_1_client_me thod’:
build/temp.linux-i686-3.4/_openssl.c:43076:3: warning: ‘TLSv1_1_client_metho d’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1606) [-Wdeprecat ed-declarations]
return TLSv1_1_client_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_1_client_me thod’:
build/temp.linux-i686-3.4/_openssl.c:43086:3: warning: ‘TLSv1_1_client_metho d’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1606) [-Wdeprecat ed-declarations]
{ result = TLSv1_1_client_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_1_method’:
build/temp.linux-i686-3.4/_openssl.c:43100:3: warning: ‘TLSv1_1_method’ is d eprecated (declared at /usr/local/include/openssl/ssl.h:1604) [-Wdeprecated-decl arations]
return TLSv1_1_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_1_method’:
build/temp.linux-i686-3.4/_openssl.c:43110:3: warning: ‘TLSv1_1_method’ is d eprecated (declared at /usr/local/include/openssl/ssl.h:1604) [-Wdeprecated-decl arations]
{ result = TLSv1_1_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_1_server_me thod’:
build/temp.linux-i686-3.4/_openssl.c:43124:3: warning: ‘TLSv1_1_server_metho d’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1605) [-Wdeprecat ed-declarations]
return TLSv1_1_server_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_1_server_me thod’:
build/temp.linux-i686-3.4/_openssl.c:43134:3: warning: ‘TLSv1_1_server_metho d’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1605) [-Wdeprecat ed-declarations]
{ result = TLSv1_1_server_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_2_client_me thod’:
build/temp.linux-i686-3.4/_openssl.c:43148:3: warning: ‘TLSv1_2_client_metho d’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1612) [-Wdeprecat ed-declarations]
return TLSv1_2_client_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_2_client_me thod’:
build/temp.linux-i686-3.4/_openssl.c:43158:3: warning: ‘TLSv1_2_client_metho d’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1612) [-Wdeprecat ed-declarations]
{ result = TLSv1_2_client_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_2_method’:
build/temp.linux-i686-3.4/_openssl.c:43172:3: warning: ‘TLSv1_2_method’ is d eprecated (declared at /usr/local/include/openssl/ssl.h:1610) [-Wdeprecated-decl arations]
return TLSv1_2_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_2_method’:
build/temp.linux-i686-3.4/_openssl.c:43182:3: warning: ‘TLSv1_2_method’ is d eprecated (declared at /usr/local/include/openssl/ssl.h:1610) [-Wdeprecated-decl arations]
{ result = TLSv1_2_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_2_server_me thod’:
build/temp.linux-i686-3.4/_openssl.c:43196:3: warning: ‘TLSv1_2_server_metho d’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1611) [-Wdeprecat ed-declarations]
return TLSv1_2_server_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_2_server_me thod’:
build/temp.linux-i686-3.4/_openssl.c:43206:3: warning: ‘TLSv1_2_server_metho d’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1611) [-Wdeprecat ed-declarations]
{ result = TLSv1_2_server_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_client_meth od’:
build/temp.linux-i686-3.4/_openssl.c:43220:3: warning: ‘TLSv1_client_method’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1600) [-Wdeprecated -declarations]
return TLSv1_client_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_client_meth od’:
build/temp.linux-i686-3.4/_openssl.c:43230:3: warning: ‘TLSv1_client_method’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1600) [-Wdeprecated -declarations]
{ result = TLSv1_client_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_method’:
build/temp.linux-i686-3.4/_openssl.c:43244:3: warning: ‘TLSv1_method’ is dep recated (declared at /usr/local/include/openssl/ssl.h:1598) [-Wdeprecated-declar ations]
return TLSv1_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_method’:
build/temp.linux-i686-3.4/_openssl.c:43254:3: warning: ‘TLSv1_method’ is dep recated (declared at /usr/local/include/openssl/ssl.h:1598) [-Wdeprecated-declar ations]
{ result = TLSv1_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_TLSv1_server_meth od’:
build/temp.linux-i686-3.4/_openssl.c:43268:3: warning: ‘TLSv1_server_method’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1599) [-Wdeprecated -declarations]
return TLSv1_server_method();
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_TLSv1_server_meth od’:
build/temp.linux-i686-3.4/_openssl.c:43278:3: warning: ‘TLSv1_server_method’ is deprecated (declared at /usr/local/include/openssl/ssl.h:1599) [-Wdeprecated -declarations]
{ result = TLSv1_server_method(); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_X509_CRL_get_last Update’:
build/temp.linux-i686-3.4/_openssl.c:44351:3: warning: ‘X509_CRL_get_lastUpd ate’ is deprecated (declared at /usr/local/include/openssl/x509.h:708) [-Wdeprec ated-declarations]
return X509_CRL_get_lastUpdate(x0);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_X509_CRL_get_last Update’:
build/temp.linux-i686-3.4/_openssl.c:44374:3: warning: ‘X509_CRL_get_lastUpd ate’ is deprecated (declared at /usr/local/include/openssl/x509.h:708) [-Wdeprec ated-declarations]
{ result = X509_CRL_get_lastUpdate(x0); }
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_d_X509_CRL_get_next Update’:
build/temp.linux-i686-3.4/_openssl.c:44387:3: warning: ‘X509_CRL_get_nextUpd ate’ is deprecated (declared at /usr/local/include/openssl/x509.h:709) [-Wdeprec ated-declarations]
return X509_CRL_get_nextUpdate(x0);
^
build/temp.linux-i686-3.4/_openssl.c: In function ‘_cffi_f_X509_CRL_get_next Update’:
build/temp.linux-i686-3.4/_openssl.c:44410:3: warning: ‘X509_CRL_get_nextUpd ate’ is deprecated (declared at /usr/local/include/openssl/x509.h:709) [-Wdeprec ated-declarations]
{ result = X509_CRL_get_nextUpdate(x0); }
^
error: command ‘gcc’ failed with exit status 1

----------------------------------------

Command “/opt/eff.org/certbot/venv/bin/python -u -c “import setuptools, tokenize ;file=’/tmp/pip-build-644j6p2b/cryptography/setup.py’;f=getattr(tokenize, ‘o pen’, open)(file);code=f.read().replace(’\r\n’, ‘\n’);f.close();exec(compile (code, file, ‘exec’))” install --record /tmp/pip-kuozq9q4-record/install-rec ord.txt --single-version-externally-managed --compile --install-headers /opt/eff .org/certbot/venv/include/site/python3.4/cryptography” failed with error code 1 in /tmp/pip-build-644j6p2b/cryptography/

Certbot has problem setting up the virtual environment.

Thank you!

That’s a bad sign.

If I had to guess, I would say that you have built a custom version of OpenSSL from source on your server and installed it alongside the CentOS packages (using make install).

In turn, that is causing the Python cryptography package’s build process to get confused, because it is using the wrong headers or linking to the wrong library.

What is the output of these commands:

rpm -q openssl openssl-devel
openssl version
grep OPENSSL_VERSION_TEXT /usr/local/include/openssl/opensslv.h
grep OPENSSL_VERSION_TEXT /usr/include/openssl/opensslv.h

Thanks @_az, this are the outputs:

rpm -q openssl openssl-devel

openssl-1.0.1e-58.el6_10.i686
openssl-devel-1.0.1e-58.el6_10.i686

openssl version
OpenSSL 1.0.2j  26 Sep 2016

grep OPENSSL_VERSION_TEXT /usr/local/include/openssl/opensslv.h
#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1-fips-dev  xx XXX xxxx"
#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1-dev  xx XXX xxxx"

grep OPENSSL_VERSION_TEXT /usr/include/openssl/opensslv.h
#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1e-fips 11 Feb 2013"
#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1e 11 Feb 2013"
#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT

So like you said , the versions are not matching, should i remove with yum remove an try a fresh install?

Wow, you have 3 different OpenSSL versions.

With most Linux distros, you should avoid installing multiple versions of a library like OpenSSL globally. It’s almost never the right thing to do and tends to result in problems.

The only version of OpenSSL that should be installed globally is 1.0.1e, which comes from the CentOS 6 base repo.

If, for some reason, you need to use 1.1.1 or 1.0.2 with a particular piece of a software (like a webserver), you should avoid installing (make install) it globally and instead build the webserver with e.g. --with-openssl=/path/to/openssl-1.1.1.

I’m not sure what the best way to fix it is. I think you need to undo the installation of 1.1.1 and 1.0.2, but it can be tricky if they have overwritten each other. If you built them from source, make uninstall can sometimes do what you want, but it might not work if you tried it now. If it was me, I’d just install a new server.

It’s possible that just doing a yum reinstall openssl openssl-devel might also work to fix this, but that’s a long shot.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.