How to use SSL certificate free of Let’s Encrypt on Linux – part 2

Some errors may be occur during the installation of Let’s Encrypt on Linux

Error 1:

An unexpected error occurred:
AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'
Please see the logfiles in /var/log/letsencrypt for more details.

How to fix it?

Step 1:

cd /var/log/letsencrypt
cat letsencrypt.log


[root@tutorialspots letsencrypt]# cat letsencrypt.log
2016-05-07 03:30:56,933:DEBUG:letsencrypt.main:Root logging level set at 30
2016-05-07 03:30:56,933:INFO:letsencrypt.main:Saving debug log to /var/log/letse
2016-05-07 03:30:56,933:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-05-07 03:30:56,933:DEBUG:letsencrypt.main:Arguments: ['--apache']
2016-05-07 03:30:56,933:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegist
2016-05-07 03:30:56,953:DEBUG:letsencrypt.plugins.selection:Requested authentica
tor apache and installer apache
2016-05-07 03:30:59,636:DEBUG:letsencrypt.plugins.selection:Single candidate plu
gin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x8c9
Prep: True
2016-05-07 03:30:59,636:DEBUG:letsencrypt.plugins.selection:Selected authenticat
or <letsencrypt_apache.configurator.ApacheConfigurator object at 0x8c92c0c> and
installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x8c92c0
2016-05-07 03:37:51,113:DEBUG:root:Sending GET request to https://acme-v01.api.l args: (), kwargs: {}
2016-05-07 03:37:51,118:INFO:requests.packages.urllib3.connectionpool:Starting n
ew HTTPS connection (1):
2016-05-07 03:37:51,290:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/m", line 692, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/m", line 455, in run
    le_client = _init_le_client(config, authenticator, installer)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/m", line 356, in _init_le_client
    acc, acme = _determine_account(config)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/m", line 341, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/c", line 117, in register
    acme = acme_from_config_key(config, key)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/c", line 41, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.p
y", line 63, in __init__
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.p
y", line 627, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.p
y", line 609, in _send_request
    response = requests.request(method, url, *args, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/api.
py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sess", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sess", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/adap", line 376, in send
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/pack
ages/urllib3/", line 559, in urlopen
    body=body, headers=headers)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/pack
ages/urllib3/", line 345, in _make_request
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/pack
ages/urllib3/", line 784, in _validate_conn
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/pack
ages/urllib3/", line 252, in connect
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/pack
ages/urllib3/contrib/", line 296, in ssl_wrap_socket
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/SSL.p
y", line 1237, in set_tlsext_host_name
    _lib.SSL_set_tlsext_host_name(self._ssl, name)
AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'

We see the lines:

File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/SSL.p
y", line 1237, in set_tlsext_host_name
    _lib.SSL_set_tlsext_host_name(self._ssl, name)

Step 2:

sh /root/.local/share/letsencrypt/bin/activate

Step 3:

pip install pyopenssl==0.12


[root@tutorialspots letsencrypt]# pip install pyopenssl==0.12
Collecting pyopenssl==0.12
l/ SNIMissingWarning: An HTTPS request has been made, but the SNI (S
ubject Name Indication) extension to TLS is not available on this platform. This
 may cause the server to present an incorrect TLS certificate, which can cause v
alidation failures. For more information, see
l/ InsecurePlatformWarning: A true SSLContext object is not availabl
e. This prevents urllib3 from configuring SSL appropriately and may cause certai
n SSL connections to fail. For more information, see https://urllib3.readthedocs
  Downloading pyOpenSSL-0.12.tar.gz (236kB)
    100% |################################| 245kB 1.9MB/s
Building wheels for collected packages: pyopenssl
  Running bdist_wheel for pyopenssl ... done
  Stored in directory: /root/.cache/pip/wheels/1a/4c/d0/37bc489760068fa88f0fc948
Successfully built pyopenssl
Installing collected packages: pyopenssl
Successfully installed pyopenssl-0.12

Step 4:
Open file /root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/ then comment out line 1237

ssl py

ssl py edit

Step 5: Re-run this command to re-install letsencrypt

/root/.local/share/letsencrypt/bin/letsencrypt --apache --verbose

Error 2:

The request message was malformed :: Error creating new authz :: DNS name has too many labels

Read the log file:

cd /var/log/letsencrypt
cat letsencrypt.log

You can know that, in your server, there are some deep subdomains like:

Please remove these subdomains.

Error 3:

Error creating new authz :: Too many currently pending authorizations.

Step 1:
Go to folder: /etc/letsencrypt/accounts/

Then delete the sub-folder
delete letsencrypt account

Step 2:
Then you must use other email.

Error 4:

Error while running apachectl configtest

Error while running apachectl configtest.

Syntax error on line 5 of /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf:
SSLStrictSNIVHostCheck failed; OpenSSL is not built with support for TLS extensi
ons and SNI indication. Refer to the documentation, and build a compatible versi
on of OpenSSL.

Prerequisites to use SNI

  1. Use OpenSSL 0.9.8f or later
  2. Build OpenSSL with the TLS Extensions option enabled (option enable-tlsext; OpenSSL 0.9.8k and later has this enabled by default).
  3. Apache must have been built with that OpenSSL (./configure –with-ssl=/path/to/your/openssl). In that case, mod_ssl will automatically detect the availability of the TLS extensions and support SNI.
  4. Apache must use that OpenSSL at run-time, which might require setting LD_LIBRARY_PATH or equivalent to point to that OpenSSL, maybe in bin/envvars. (You’ll get unresolved symbol errors at Apache startup if Apache was built with SNI but isn’t finding the right openssl libraries at run-time.)

So, you must upgrade OpenSSL and rebuild or upgrade Apache.

Related Post

, ,

No comments yet.

Leave a Reply