Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' while running certbot #24

Open
mrvelic opened this issue Nov 15, 2023 · 0 comments

Comments

@mrvelic
Copy link

mrvelic commented Nov 15, 2023

Getting this stack trace when running certbot with a DNS challenge (dns-azure):

Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in <module>
    from certbot.main import main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in <module>
    import josepy as jose
  File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in <module>
    from josepy.json_util import (
  File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in <module>
    from OpenSSL import crypto
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in <module>
    class X509StoreFlags(object):
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

Am running this from the nginx-proxy-manager, but I saw this container is the base container with certbot so figured it was the appropriate place to raise the issue.

From looking up the stack trace, it seems to be related to a dependency mismatch in pyopenssl:
https://stackoverflow.com/questions/73830524/attributeerror-module-lib-has-no-attribute-x509-v-flag-cb-issuer-check

Getting a shell in the container and activating the certbot venv then updating pip and pyopenssl immediately solves the problem (at least until next pull / redeploy). I was happy to put up a PR to include pyopenssl in the pip install for Dockerfile.certbot but I didn't want to create any potential knock on effects for things I may not be aware of, so just reporting it first.

source /opt/certbot/bin/activate
pip install pip --upgrade
pip install pyopenssl --upgrade
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant