Let's encrypt failure: exception on /ssl/provision

I’m trying to do first-time provisioning of a Let’s Encrypt cert, and encountering a python crash on ssl/provision. It happens consistently across reboots and reruns of mailinabox, on the latest version at the time of writing (0.21b).

Dec 18 20:05:04 mail Exception on /ssl/provision [POST]#012Traceback (most recent call last):#012 File "/usr/lib/python3/dist-packages/flask/app.py", line 1817, in wsgi_app#012 response = self.full_dispatch_request()#012 File "/usr/lib/python3/dist-packages/flask/app.py", line 1477, in full_dispatch_request#012 rv = self.handle_user_exception(e)#012 File "/usr/lib/python3/dist-packages/flask/app.py", line 1381, in handle_user_exception#012 reraise(exc_type, exc_value, tb)#012 File "/usr/lib/python3/dist-packages/flask/_compat.py", line 33, in reraise#012 raise value#012 File "/usr/lib/python3/dist-packages/flask/app.py", line 1475, in full_dispatch_request#012 rv = self.dispatch_request()#012 File "/usr/lib/python3/dist-packages/flask/app.py", line 1461, in dispatch_request#012 return self.view_functions[rule.endpoint](**req.view_args)#012 File "/usr/local/bin/mailinabox-daemon", line 55, in newview#012 return viewfunc(*args, **kwargs)#012 File "/usr/local/bin/mailinabox-daemon", line 384, in ssl_provision_certs#012 jsonable=True)#012 File "/root/mailinabox/management/ssl_certificates.py", line 337, in provision_certificates#012 logger=my_logger)#012 File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/client.py", line 64, in issue_certificate#012 agree_to_tos_url, validation_method, acme_server, logger)#012 File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/client.py", line 112, in validate_domain_ownership#012 acme_server=acme_server)#012 File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/client.py", line 317, in create_client#012 client = acme.client.Client(acme_server, key)#012 File "/usr/local/lib/python3.4/dist-packages/acme/client.py", line 63, in __init__#012 self.net.get(directory).json())#012 File "/usr/local/lib/python3.4/dist-packages/acme/client.py", line 624, in get#012 self._send_request('GET', url, **kwargs), content_type=content_type)#012 File "/usr/local/lib/python3.4/dist-packages/acme/client.py", line 606, in _send_request#012 response = self.session.request(method, url, *args, **kwargs)#012 File "/usr/local/lib/python3.4/dist-packages/requests/sessions.py", line 488, in request#012 resp = self.send(prep, **send_kwargs)#012 File "/usr/local/lib/python3.4/dist-packages/requests/sessions.py", line 609, in send#012 r = adapter.send(request, **kwargs)#012 File "/usr/local/lib/python3.4/dist-packages/requests/adapters.py", line 423, in send#012 timeout=timeout#012 File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/connectionpool.py", line 594, in urlopen#012 chunked=chunked)#012 File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/connectionpool.py", line 350, in _make_request#012 self._validate_conn(conn)#012 File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/connectionpool.py", line 835, in _validate_conn#012 conn.connect()#012 File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/connection.py", line 311, in connect#012 cert_reqs=resolve_cert_reqs(self.cert_reqs),#012 File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/util/ssl_.py", line 267, in create_urllib3_context#012 context.set_ciphers(ciphers or DEFAULT_CIPHERS)#012 File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 385, in set_ciphers#012 self._ctx.set_cipher_list(ciphers)#012TypeError: must be str, not bytes

I’m seeing the same error on a box that has been upgraded to v0.21b.

Just looking through gitbuh issues, this looks relevant:

Confirming that ensuring that the system python-openssl package was gone and reinstalling via pip3 fixed the issue for me, i.e.:

apt-get remove python-openssl
pip3 uninstall pyOpenSSL
pip3 install pyOpenSSL --upgrade

3 Likes

After quite a bit of thrashing about, the above three commands worked for me as well.

It worked great for me! :slight_smile: Thanks!