Getting this stack trace when running certbot with a DNS challenge (dns-azure):
Traceback (most recent call last):
File "/usr/bin/certbot", line 5, in <module>
from certbot.main import main
File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module>
from certbot._internal import main as internal_main
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in <module>
import josepy as jose
File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in <module>
from josepy.json_util import (
File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in <module>
from OpenSSL import crypto
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in <module>
class X509StoreFlags(object):
File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
Am running this from the nginx-proxy-manager, but I saw this container is the base container with certbot so figured it was the appropriate place to raise the issue.
Getting a shell in the container and activating the certbot venv then updating pip and pyopenssl immediately solves the problem (at least until next pull / redeploy). I was happy to put up a PR to include pyopenssl in the pip install for Dockerfile.certbot but I didn't want to create any potential knock on effects for things I may not be aware of, so just reporting it first.
Getting this stack trace when running certbot with a DNS challenge (dns-azure):
Am running this from the nginx-proxy-manager, but I saw this container is the base container with certbot so figured it was the appropriate place to raise the issue.
From looking up the stack trace, it seems to be related to a dependency mismatch in pyopenssl: https://stackoverflow.com/questions/73830524/attributeerror-module-lib-has-no-attribute-x509-v-flag-cb-issuer-check
Getting a shell in the container and activating the certbot venv then updating pip and pyopenssl immediately solves the problem (at least until next pull / redeploy). I was happy to put up a PR to include pyopenssl in the pip install for Dockerfile.certbot but I didn't want to create any potential knock on effects for things I may not be aware of, so just reporting it first.