Humanity

Edit the world by your favorite way

certbot-auto で ImportError: No module named cryptography.hazmat.bindings.openssl.binding

Let's Encrypt

wget https://dl.eff.org/certbot-auto とかしてダウンロードした certbot-auto スクリプトを実行しようとすると、

ImportError: No module named cryptography.hazmat.bindings.openssl.binding

のようなエラーが出る時がある。

詳細なエラー

$ ./certbot-auto --debug
Requesting to rerun ./certbot-auto with root privileges...
Bootstrapping dependencies for Amazon... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main                                                                                                                                                                               | 2.1 kB  00:00:00
amzn-updates                                                                                                                                                                            | 2.5 kB  00:00:00
1057 packages excluded due to repository priority protections
Package gcc-4.8.5-1.22.amzn1.noarch already installed and latest version
Package augeas-libs-1.0.0-5.7.amzn1.x86_64 already installed and latest version
Package 1:openssl-1.0.2k-12.110.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-12.110.amzn1.x86_64 already installed and latest version
Package libffi-devel-3.0.13-16.5.amzn1.x86_64 already installed and latest version
Package system-rpm-config-9.0.3-42.28.amzn1.noarch already installed and latest version
Package ca-certificates-2017.2.14-65.0.1.17.amzn1.noarch already installed and latest version
Package python27-devel-2.7.14-1.123.amzn1.x86_64 already installed and latest version
Package python27-virtualenv-15.1.0-1.14.amzn1.noarch already installed and latest version
Package python27-tools-2.7.14-1.123.amzn1.x86_64 already installed and latest version
Package python27-pip-9.0.3-1.26.amzn1.noarch already installed and latest version
Package 1:mod_ssl-2.2.34-1.16.amzn1.x86_64 already installed and latest version
Nothing to do
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

certbot-auto は初回実行時に /opt/eff.org/certbot/ 以下にライブラリをインストールしようとするっぽい(なので mv /opt/eff.org/certbot{,.bak} とかするとまた最初から依存ライブラリをダウンロードしようとする)が、 理由は不明だがなぜか一部のライブラリ (cryptography) がインストールされない時がある。 なので手動でインストールしてやると無事動くようになる。

(念のため事前に sudo 無しで動かして、 /opt/eff.org/certbot/ 以下にインストールされることを確認した)

$ sudo /opt/eff.org/certbot/venv/bin/pip install cryptography

インストール中に赤文字で以下のエラー(警告?)が出たので、念のため zope というライブラリもインストールする。

certbot 0.26.1 requires zope.interface, which is not installed.
certbot-nginx 0.26.1 requires zope.interface, which is not installed.
$ sudo /opt/eff.org/certbot/venv/bin/pip install zope