New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AttributeError: module 'OpenSSL' has no attribute 'rand' #5123
Comments
I, too, am experiencing this issue, on an Ubuntu 16.04 install. I think the solution might be merged into master already, but it won't go live until they release 0.18.2? |
Yes. This is a duplicate of #5111 and we're planning on releasing 0.18.2 in the next couple hours with a fix for this issue. Sorry for the trouble! |
@bmw, is available the relase on main Ubuntu repository? http://ppa.launchpad.net/certbot/certbot/ubuntu Last available version is 0.17.0 Thanks. |
Our PPA is maintained by Debian maintainers who take the Certbot packages from Debian unstable which is still at 0.17.0 as well. How did you install pyOpenSSL 17.3.0 on your system? That version isn't packaged in any Ubuntu release according to https://packages.ubuntu.com/search?suite=all§ion=all&arch=any&keywords=python-openssl&searchon=names. |
python-openssl was installed by certbot installation:
|
But the version of If you're seeing this issue, I think you have another version of pyOpenSSL installed on your system. Possibly a version installed from |
Won't that just pull the most recent version of PyOpenSSL if you |
Since our 0.18.2 release that fixed this bug earlier this week, if you |
@bwm, ok sorry, maybe a installation mix. First time was installed with
Thanks :) |
My operating system is (include version):
ArchLinux -- 4.12.13-1-ARCH
I installed Certbot with (certbot-auto, OS package manager, pip, etc):
pacaur -S certbot
All " openssl " installed on my system (
pacaur -Qs openssl
) :I ran this command and it produced this output:
certbot --nginx --rsa-key-size 4096 certonly
2017/09/20 18:43:06 [notice] 7251#7251: signal process started
An unexpected error occurred:
AttributeError: module 'OpenSSL' has no attribute 'rand'
Please see the logfiles in /var/log/letsencrypt for more details.
Certbot's behavior differed from what I expected because:
I just wanted to renew and create certificates :/
Here is a Certbot log showing the issue (if available):
Logs are stored in
/var/log/letsencrypt
by default. Feel free to redact domains, e-mail and IP addresses as you see fit.2017-09-20 16:42:57,034:DEBUG:certbot.main:certbot version: 0.18.1
2017-09-20 16:42:57,038:DEBUG:certbot.main:Arguments: ['--nginx', '--rsa-key-size', '4096']
2017-09-20 16:42:57,040:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-09-20 16:42:57,108:DEBUG:certbot.log:Root logging level set at 20
2017-09-20 16:42:57,111:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-09-20 16:42:57,113:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2017-09-20 16:43:00,094:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f9b2a5b2198>
Prep: True
2017-09-20 16:43:00,101:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f9b2a5b2198>
Prep: True
2017-09-20 16:43:00,102:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f9b2a5b2198> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f9b2a5b2198>
2017-09-20 16:43:00,102:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2017-09-20 16:43:00,121:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f9b292a55f8>)>), contact=('mailto:zxvfxwing@protonmail.com',), agreement='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', status=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/17652395', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 03bc95c11156e67eca52dddadf24c025, Meta(creation_dt=datetime.datetime(2017, 6, 22, 14, 55, 47, tzinfo=), creation_host='sd-122362.dedibox.fr'))>
2017-09-20 16:43:00,127:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-09-20 16:43:00,136:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-09-20 16:43:00,447:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 561
2017-09-20 16:43:00,449:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 561
Replay-Nonce: Bzyp1XWBWGoJTqkfOPYSPXviyPYa7GIg8CcTQjLr9pA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 20 Sep 2017 16:43:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 20 Sep 2017 16:43:00 GMT
Connection: keep-alive
b'{\n "5a3xNMbOszI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n "meta": {\n "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"\n },\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2017-09-20 16:43:03,082:INFO:certbot.main:Obtaining a new certificate
2017-09-20 16:43:03,083:DEBUG:acme.client:Requesting fresh nonce
2017-09-20 16:43:03,083:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-09-20 16:43:03,283:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2017-09-20 16:43:03,285:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: ZyKM9z-jneYWHgK3R0ysxBdSCx1LM29ykYaWR9_U4Fg
Expires: Wed, 20 Sep 2017 16:43:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 20 Sep 2017 16:43:03 GMT
Connection: keep-alive
b''
2017-09-20 16:43:03,285:DEBUG:acme.client:Storing nonce: ZyKM9z-jneYWHgK3R0ysxBdSCx1LM29ykYaWR9_U4Fg
2017-09-20 16:43:03,286:DEBUG:acme.client:JWS payload:
b'{\n "identifier": {\n "type": "dns",\n "value": "cloud.spokonline.net"\n },\n "resource": "new-authz"\n}'
2017-09-20 16:43:03,302:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogInhnYTdvNmU4VUN0RUl4T0JOaFFwdVJXamdRaWU2UDdiVUNuNUpBaU9Sb1lzQTZqVUg2NHVsQUd1dTdJMDlKZEhnS0VxZHMydFBMUENPTFRTNFNPLVpLNFRNZGduLTRfajVXYUhUTS1xaXg4Q05oYl9peU5jSFljVU5ObDJzanhFTkNwbFVsa2NBaHhsU2xYaThVRkZEUUlzVlozeVhXbkpTeGFZaXVCQUZ6RTh4aTd1aVpuWlhJc3lkWnd2LTd2NGxldXlXTGxISGYxZENvdUFvSnNlOHRPcW8zc2V2OWh2dVp2ZnJwMUpyWVBENGt2UWFKNVlRTkFyWXpDNm1kNmE5bDlUSDRJV2VrLXZ1a2ZyYlNIUHlRUk9tYWhyMmJkT1Q5X2djdzhEVnRsOERELS03V0RjYm5uQkd3bngwSG5LLTVIX1p0OFE0YmtMRHZtendPSmhQdyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiWnlLTTl6LWpuZVlXSGdLM1IweXN4QmRTQ3gxTE0yOXlrWWFXUjlfVTRGZyJ9",
"signature": "i-2oENdfvSIK_wR__l_5FC_z2Brp_fsfx0ZyJk6S3s0lAU7xiduJ4nSvpQlcEF8j5b7syb0-GsucyVFJVQahZ2esCiFmuWtyWXCV-gAtFx9cbzNCAEuiwv31rjha0T7meg6ROZBTg0YS1JMTDTTUt8_j3Pznvf6x6ctwI_Iq-Ad59Wm-8qd6Np9FWtVtdI27oxyY6lji4awz1zmVC0A2gYe5WfjLF4gtPAiLc-DPIXTica3h252y7H2SI9WhvXvWPglK-whCfxUQbiNQh9qAk7Z77_m6wu1g-LoFGt7MUFyQ9Gz3uQjI3417n651wRxaREnATELHd9fiMYaGgzWywg",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwKICAgICJ2YWx1ZSI6ICJjbG91ZC5zcG9rb25saW5lLm5ldCIKICB9LAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0"
}
2017-09-20 16:43:03,532:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 998
2017-09-20 16:43:03,534:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 998
Boulder-Requester: 17652395
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/qixxJ83cL6u6uQ4SieZh6aYLpQkb33n9P7ynfDkgbdw
Replay-Nonce: epBaoL0imfUvTvWr1jHQWyd1GWfSi2-4rBXFJP2TKUo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 20 Sep 2017 16:43:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 20 Sep 2017 16:43:03 GMT
Connection: keep-alive
b'{\n "identifier": {\n "type": "dns",\n "value": "cloud.spokonline.net"\n },\n "status": "pending",\n "expires": "2017-09-27T15:55:13Z",\n "challenges": [\n {\n "type": "dns-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/qixxJ83cL6u6uQ4SieZh6aYLpQkb33n9P7ynfDkgbdw/2027324128",\n "token": "KcHGpyG7lx3Te1ezbGiAQ_QgyftbAxJGbma_66ivYyg"\n },\n {\n "type": "tls-sni-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/qixxJ83cL6u6uQ4SieZh6aYLpQkb33n9P7ynfDkgbdw/2027324129",\n "token": "BbaMUfSLp3586o7NZKwsBUnxqmixDApYdSNxdvngqPw"\n },\n {\n "type": "http-01",\n "status": "pending",\n "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/qixxJ83cL6u6uQ4SieZh6aYLpQkb33n9P7ynfDkgbdw/2027324130",\n "token": "s-6iIsxLdsbOYsUYpqPuI4dxrxABjV-NvBCyNoDWZY8"\n }\n ],\n "combinations": [\n [\n 1\n ],\n [\n 2\n ],\n [\n 0\n ]\n ]\n}'
2017-09-20 16:43:03,534:DEBUG:acme.client:Storing nonce: epBaoL0imfUvTvWr1jHQWyd1GWfSi2-4rBXFJP2TKUo
2017-09-20 16:43:03,536:INFO:certbot.auth_handler:Performing the following challenges:
2017-09-20 16:43:03,537:INFO:certbot.auth_handler:tls-sni-01 challenge for cloud.spokonline.net
2017-09-20 16:43:04,211:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 115, in _solve_challenges
resp = self.auth.perform(self.achalls)
File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 767, in perform
sni_response = chall_doer.perform()
File "/usr/lib/python3.6/site-packages/certbot_nginx/tls_sni_01.py", line 69, in perform
responses = [self._setup_challenge_cert(x) for x in self.achalls]
File "/usr/lib/python3.6/site-packages/certbot_nginx/tls_sni_01.py", line 69, in
responses = [self._setup_challenge_cert(x) for x in self.achalls]
File "/usr/lib/python3.6/site-packages/certbot/plugins/common.py", line 374, in _setup_challenge_cert
cert_key=cert_key)
File "/usr/lib/python3.6/site-packages/certbot/achallenges.py", line 54, in response_and_validation
self.account_key, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/acme/challenges.py", line 205, in response_and_validation
self.validation(account_key, *args, **kwargs))
File "/usr/lib/python3.6/site-packages/acme/challenges.py", line 506, in validation
return self.response(account_key).gen_cert(key=kwargs.get('cert_key'))
File "/usr/lib/python3.6/site-packages/acme/challenges.py", line 417, in gen_cert
'dummy', self.z_domain.decode()], force_san=True), key
File "/usr/lib/python3.6/site-packages/acme/crypto_util.py", line 246, in gen_ss_cert
cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
AttributeError: module 'OpenSSL' has no attribute 'rand'
2017-09-20 16:43:04,212:DEBUG:certbot.error_handler:Calling registered functions
2017-09-20 16:43:04,212:INFO:certbot.auth_handler:Cleaning up challenges
2017-09-20 16:43:04,213:WARNING:certbot.reverter:File:
2017-09-20 16:43:04,214:WARNING:certbot.reverter:File:
2017-09-20 16:43:08,108:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.18.1', 'console_scripts', 'certbot')()
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 755, in main
return config.func(config, plugins)
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 694, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 82, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3.6/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3.6/site-packages/certbot/client.py", line 318, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 74, in get_authorizations
resp = self._solve_challenges()
File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 115, in _solve_challenges
resp = self.auth.perform(self.achalls)
File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 767, in perform
sni_response = chall_doer.perform()
File "/usr/lib/python3.6/site-packages/certbot_nginx/tls_sni_01.py", line 69, in perform
responses = [self._setup_challenge_cert(x) for x in self.achalls]
File "/usr/lib/python3.6/site-packages/certbot_nginx/tls_sni_01.py", line 69, in
responses = [self._setup_challenge_cert(x) for x in self.achalls]
File "/usr/lib/python3.6/site-packages/certbot/plugins/common.py", line 374, in _setup_challenge_cert
cert_key=cert_key)
File "/usr/lib/python3.6/site-packages/certbot/achallenges.py", line 54, in response_and_validation
self.account_key, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/acme/challenges.py", line 205, in response_and_validation
self.validation(account_key, *args, **kwargs))
File "/usr/lib/python3.6/site-packages/acme/challenges.py", line 506, in validation
return self.response(account_key).gen_cert(key=kwargs.get('cert_key'))
File "/usr/lib/python3.6/site-packages/acme/challenges.py", line 417, in gen_cert
'dummy', self.z_domain.decode()], force_san=True), key
File "/usr/lib/python3.6/site-packages/acme/crypto_util.py", line 246, in gen_ss_cert
cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
AttributeError: module 'OpenSSL' has no attribute 'rand'
The text was updated successfully, but these errors were encountered: