Some errors may occur during the installation of Let’s Encrypt on Linux.
Error 1:
An unexpected error occurred: AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name' Please see the logfiles in /var/log/letsencrypt for more details.
How to fix it?
Step 1:
cd /var/log/letsencrypt
cat letsencrypt.log
Result:
[root@tutorialspots letsencrypt]# cat letsencrypt.log
2016-05-07 03:30:56,933:DEBUG:letsencrypt.main:Root logging level set at 30
2016-05-07 03:30:56,933:INFO:letsencrypt.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-05-07 03:30:56,933:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-05-07 03:30:56,933:DEBUG:letsencrypt.main:Arguments: ['--apache']
2016-05-07 03:30:56,933:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-05-07 03:30:56,953:DEBUG:letsencrypt.plugins.selection:Requested authenticator apache and installer apache
2016-05-07 03:30:59,636:DEBUG:letsencrypt.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x8c92c0c>
Prep: True
2016-05-07 03:30:59,636:DEBUG:letsencrypt.plugins.selection:Selected authenticator <letsencrypt_apache.configurator.ApacheConfigurator object at 0x8c92c0c> and installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x8c92c0c>
2016-05-07 03:37:51,113:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-05-07 03:37:51,118:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-05-07 03:37:51,290:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 692, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 455, in run
    le_client = _init_le_client(config, authenticator, installer)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 356, in _init_le_client
    acc, acme = _determine_account(config)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 341, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 117, in register
    acme = acme_from_config_key(config, key)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 41, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 627, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 609, in _send_request
    response = requests.request(method, url, *args, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 559, in urlopen
    body=body, headers=headers)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 784, in _validate_conn
    conn.connect()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/connection.py", line 252, in connect
    ssl_version=resolved_ssl_version)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 296, in ssl_wrap_socket
    cnx.set_tlsext_host_name(server_hostname)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1237, in set_tlsext_host_name
    _lib.SSL_set_tlsext_host_name(self._ssl, name)
AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'
We see the lines:
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1237, in set_tlsext_host_name
    _lib.SSL_set_tlsext_host_name(self._ssl, name)
Step 2:
source /root/.local/share/letsencrypt/bin/activate
Step 3:
pip install pyopenssl==0.12
Result:
[root@tutorialspots letsencrypt]# pip install pyopenssl==0.12
Collecting pyopenssl==0.12
/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading pyOpenSSL-0.12.tar.gz (236kB)
    100% |################################| 245kB 1.9MB/s
Building wheels for collected packages: pyopenssl
  Running setup.py bdist_wheel for pyopenssl ... done
  Stored in directory: /root/.cache/pip/wheels/1a/4c/d0/37bc489760068fa88f0fc948bfc359ca4e38beabb189cd029b
Successfully built pyopenssl
Installing collected packages: pyopenssl
Successfully installed pyopenssl-0.12
Step 4:
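Open the file /root/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/SSL.py, then comment out line 1237, the SSL_set_tlsext_host_name call shown at the end of the traceback. With that line disabled, the client no longer sends the SNI host name in its TLS handshake.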
Step 5: Re-run this command to re-install letsencrypt
/root/.local/share/letsencrypt/bin/letsencrypt --apache --verbose
Error 2:
The request message was malformed :: Error creating new authz :: DNS name has too many labels
Read the log file:
cd /var/log/letsencrypt
cat letsencrypt.log
The log shows that your server has some deeply nested subdomains, such as: a.b.c.d.e.f.g.h.domain.com
Please remove these subdomains.
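To find the offending names without reading the whole log, the following added example (not part of the original post) scans Apache virtual-host configuration for ServerName/ServerAlias values with too many labels. The function name deep_names, the sample configuration and the MAX_LABELS threshold are assumptions made for this example; set the threshold to the limit your CA enforces.

```shell
#!/bin/sh
# Print "<label count> <name>" for every ServerName/ServerAlias value in an
# Apache config (read from stdin) that has more than $1 labels.
deep_names() {
    awk -v max="$1" '
        { sub(/#.*/, "") }                        # strip comments
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) {
                name = $i
                sub(/:[0-9]+$/, "", name)         # ServerName may carry :port
                sub(/\.$/, "", name)              # ignore a trailing root dot
                n = split(name, labels, ".")
                if (n > max) print n, name
            }
        }'
}

# Constructed sample configuration (not from the original page).
SAMPLE_CONF=$(cat <<'EOF'
<VirtualHost *:80>
    ServerName www.example.com:80
    ServerAlias shop.example.com a.b.c.d.e.f.g.h.i.j.example.com
    # ServerAlias x.y.z.commented.out.example.com
</VirtualHost>
EOF
)

# MAX_LABELS is an assumed threshold; set it to the limit your CA enforces.
MAX_LABELS=${MAX_LABELS:-10}
printf '%s\n' "$SAMPLE_CONF" | deep_names "$MAX_LABELS"
```

On a real host, feed it the actual configuration instead of the sample, for example the files under /etc/httpd/conf.d/.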
Error 3:
Error creating new authz :: Too many currently pending authorizations.
Step 1:
Go to folder: /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory
Step 2:
Then you must use another email.
Error 4:
Error while running apachectl configtest. Syntax error on line 5 of /etc/httpd/conf.d/le_tls_sni_01_cert_challenge.conf: SSLStrictSNIVHostCheck failed; OpenSSL is not built with support for TLS extensions and SNI indication. Refer to the documentation, and build a compatible version of OpenSSL.
Prerequisites to use SNI
- Use OpenSSL 0.9.8f or later
- Build OpenSSL with the TLS Extensions option enabled (option enable-tlsext; OpenSSL 0.9.8k and later has this enabled by default).
- Apache must have been built with that OpenSSL (./configure --with-ssl=/path/to/your/openssl). In that case, mod_ssl will automatically detect the availability of the TLS extensions and support SNI.
- Apache must use that OpenSSL at run-time, which might require setting LD_LIBRARY_PATH or equivalent to point to that OpenSSL, maybe in bin/envvars. (You’ll get unresolved symbol errors at Apache startup if Apache was built with SNI but isn’t finding the right openssl libraries at run-time.)
So, you must upgrade OpenSSL and rebuild or upgrade Apache.
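Before rebuilding anything, it helps to know which prerequisite the host fails. The following added example (not from the original post) maps an `openssl version` banner to the version thresholds listed above and shows which libssl Apache's mod_ssl is linked against. The function names, the sample banners and the MOD_SSL path are assumptions made for this example.

```shell
#!/bin/sh
# Map an `openssl version` banner to the SNI prerequisites listed above:
#   before 0.9.8f      -> no-sni
#   0.9.8f .. 0.9.8j   -> needs-enable-tlsext (build option required)
#   0.9.8k and later   -> sni-default
sni_status() {
    printf '%s\n' "$1" | awk '
    $1 != "OpenSSL" || !match($2, /^[0-9]+\.[0-9]+\.[0-9]+[a-z]*/) {
        print "unknown"; exit
    }
    {
        split(substr($2, RSTART, RLENGTH), p, ".")
        letter = p[3]; sub(/^[0-9]+/, "", letter)   # "8e" -> "e"
        patch  = p[3]; sub(/[a-z]+$/, "", patch)    # "8e" -> "8"
        key = p[1] * 10000 + p[2] * 100 + patch     # 0.9.8 -> 908
        if (key > 908)          print "sni-default"
        else if (key < 908)     print "no-sni"
        else if (letter < "f")  print "no-sni"
        else if (letter < "k")  print "needs-enable-tlsext"
        else                    print "sni-default"
    }'
}

# Report what this host's openssl binary and Apache's mod_ssl actually use.
# MOD_SSL is an assumed path; point it at your own mod_ssl.so.
MOD_SSL=${MOD_SSL:-/etc/httpd/modules/mod_ssl.so}
check_host() {
    if command -v openssl >/dev/null 2>&1; then
        banner=$(openssl version)
        echo "openssl binary: $banner -> $(sni_status "$banner")"
    fi
    # Apache must load the same libssl at run time, not just be built with it.
    if [ -f "$MOD_SSL" ] && command -v ldd >/dev/null 2>&1; then
        ldd "$MOD_SSL" | grep -E 'libssl|libcrypto' || true
    fi
    return 0
}

# Constructed sample banners, then the local host.
for b in "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" "OpenSSL 0.9.8h 28 May 2008" \
         "OpenSSL 1.0.1e-fips 11 Feb 2013"; do
    echo "$b -> $(sni_status "$b")"
done
check_host
```

The openssl command-line binary and the library mod_ssl loads can differ, so a good banner alone does not prove Apache has SNI; compare it with the ldd output.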