Basically a quick fix for renewing certificates via Certbot on CentOS 7.4 machines.
certbot commands, you get an error like the following:
ImportError: ‘pyOpenSSL’ module missing required functionality. Try upgrading to v0.14 or newer.
In multiple places all over the web, you would see engineers reporting that pyOpenSSL package which comes with CentOS 7 is too old for
But due to my line of work, I know for sure it’s not. There are dozens of CentOS 7 servers where
certbot runs just fine and I had an issue only on one particular server of my own.
Of course, you can check that your pyOpenSSL is of version 0.13.1, and the error wants you to get a newer one 0.14. Thus those “engineers” even go as far as building custom RPM packages for newer pyOpenSSL 😀
As a torrent lover, I have once installed the wonderful Flexget via
pip. This, of course, mixed the
pip install packages via system ones. So the problem getting this error is not the outdated pyOpenSSL. It is the other
pip installed packages which rely on it.
I have simply removed pip installed packages, then reinstalled the system ones:
pip uninstall requests yum reinstall python-requests pip uninstall six yum reinstall python-six pip uninstall urllib3 yum reinstall python-urllib3
You may find yourself having to fix more packages. So you can just remove everything you had installed via
pip and reinstall everything that you had installed via
yum. BEWARE. The following uninstalls yum itself:
pip freeze --local | xargs pip uninstall -y # Actually clear out ALL python stuff: rm -rf /usr/lib/python2.7/site-packages # Install yum: rpm -ihv --force --replacepkgs http://mirror.centos.org/centos/7/os/x86_64/Packages/yum-3.4.3-154.el7.centos.noarch.rpm rpm -ihv --force --replacepkgs http://mirror.centos.org/centos/7/os/x86_64/Packages/python-urlgrabber-3.10-8.el7.noarch.rpm # Fix yum: yum info yum --show-duplicates yum reinstall yum-3.4.3-154.el7.centos.1 yum reinstall yum-* # Reinstall everything: yum -y upgrade # in case reinstall isn't possible for older version packages which are no longer available yum -y reinstall \*
If may seem a little harsh to reinstall everything but this will definitely fix the system and whatever Python packages you had “broken” via
certbot is now back to work renewing its certificates.
Never mix system Python packages with the ones coming from pip. Use