OpenSSL error when running 'sudo mailinabox'

rL_5_BV5aEiHCmRxOxym · November 23, 2016, 1:20am

On a server that has had MIAB installed for a while, I started having sync errors recently.
When attempting to run

curl -s https://mailinabox.email/setup.sh | sudo bash
or
sudo mailinabox

I’m getting the following error:

FAILED: pip3 install email_validator>=1.0.0

Traceback (most recent call last):
File “/usr/local/bin/pip3”, line 11, in
load_entry_point(‘pip==1.5.4’, ‘console_scripts’, ‘pip3’)()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 565, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2631, in load_entry_point
return ep.load()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2291, in load
return self.resolve()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2297, in resolve
module = import(self.module_name, fromlist=[‘name’], level=0)
File “/usr/lib/python3/dist-packages/pip/init.py”, line 61, in
from pip.vcs import git, mercurial, subversion, bazaar # noqa
File “/usr/lib/python3/dist-packages/pip/vcs/mercurial.py”, line 9, in
from pip.download import path_to_url
File “/usr/lib/python3/dist-packages/pip/download.py”, line 22, in
import requests, six
File “”, line 2237, in _find_and_load
File “”, line 2226, in _find_and_load_unlocked
File “”, line 1191, in _load_unlocked
File “”, line 1161, in _load_backward_compatible
File “/usr/share/python-wheels/requests-2.2.1-py2.py3-none-any.whl/requests/init.py”, line 53, in
File “”, line 2237, in _find_and_load
File “”, line 2226, in _find_and_load_unlocked
File “”, line 1191, in _load_unlocked
File “”, line 1161, in _load_backward_compatible
File “/usr/share/python-wheels/urllib3-1.7.1-py2.py3-none-any.whl/urllib3/contrib/pyopenssl.py”, line 25, in
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/init.py”, line 8, in
from OpenSSL import rand, crypto, SSL
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/rand.py”, line 12, in
from OpenSSL._util import (
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/_util.py”, line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 207, in
Binding.init_static_locks()
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 178, in init_static_locks
cls._ensure_ffi_initialized()
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 165, in _ensure_ffi_initialized
cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 104, in build_conditional_library
if not getattr(lib, condition):
AttributeError: cffi library ‘_openssl’ has no function, constant or global variable named ‘Cryptography_HAS_SCRYPT’

I can login to admin panel, but can’t access System Status Checks page / TLS Certifications page / Web page / External DNS page. They load with an error “Error - Something went wrong, sorry.”
All other pages in admin panel will load.
Can’t sync with DAVDroid. “Error while downloading remote entries” during Calendar synchronization.
I can still send/recieve emails.

Server is on DO Ubuntu 14.04 with latest updates installed.
Have tried rebooting.

Anyone have any idea on a fix for this issue?

rL_5_BV5aEiHCmRxOxym · November 24, 2016, 9:55am

Seem to be getting a slightly different error now. Its saying something about ECDH now.

FAILED: pip3 install email_validator>=1.0.0

Traceback (most recent call last):
File “/usr/local/bin/pip3”, line 11, in
load_entry_point(‘pip==1.5.4’, ‘console_scripts’, ‘pip3’)()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 565, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2631, in load_entry_point
return ep.load()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2291, in load
return self.resolve()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2297, in resolve
module = import(self.module_name, fromlist=[‘name’], level=0)
File “/usr/lib/python3/dist-packages/pip/init.py”, line 61, in
from pip.vcs import git, mercurial, subversion, bazaar # noqa
File “/usr/lib/python3/dist-packages/pip/vcs/mercurial.py”, line 9, in
from pip.download import path_to_url
File “/usr/lib/python3/dist-packages/pip/download.py”, line 22, in
import requests, six
File “”, line 2237, in _find_and_load
File “”, line 2226, in _find_and_load_unlocked
File “”, line 1191, in _load_unlocked
File “”, line 1161, in _load_backward_compatible
File “/usr/share/python-wheels/requests-2.2.1-py2.py3-none-any.whl/requests/init.py”, line 53, in
File “”, line 2237, in _find_and_load
File “”, line 2226, in _find_and_load_unlocked
File “”, line 1191, in _load_unlocked
File “”, line 1161, in _load_backward_compatible
File “/usr/share/python-wheels/urllib3-1.7.1-py2.py3-none-any.whl/urllib3/contrib/pyopenssl.py”, line 25, in
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/init.py”, line 8, in
from OpenSSL import rand, crypto, SSL
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/rand.py”, line 12, in
from OpenSSL._util import (
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/_util.py”, line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 207, in
Binding.init_static_locks()
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 178, in init_static_locks
cls._ensure_ffi_initialized()
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 165, in _ensure_ffi_initialized
cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 104, in build_conditional_library
if not getattr(lib, condition):
AttributeError: cffi library ‘_openssl’ has no function, constant or global variable named ‘Cryptography_HAS_SET_ECDH_AUTO’

Heady · November 27, 2016, 11:41pm

I have a similar problem when trying to upgrade from v0.19c to v0.20 where there seems to be two issues:

Seems to drag in a http server response…
Errors on a SSL issue where a parameter/variable doesn’t seem to exist.

Primary Hostname: cloud.xxxxxxxxxx.xx
Public IP Address: xxx.xxx.xxx.xxx
Public IPv6 Address: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
Mail-in-a-Box Version: v0.20

Updating system packages…
Installing system packages…
Initializing system random number generator…
Firewall is active and enabled on system startup
Installing nsd (DNS server)…
Installing Postfix (SMTP server)…
Installing Dovecot (IMAP server)…
Installing OpenDKIM/OpenDMARC…
Installing SpamAssassin…
Installing Nginx (web server)…
Installing Roundcube (webmail)…
Installing ownCloud (contacts/calendar)…
upgrading ownCloud to 8.2.7 (backing up existing ownCloud directory to /tmp/owncloud-backup-2639)…
ownCloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Set log level to debug - current level: 'Warning’
Turned on maintenance mode
Checking whether the database schema can be updated (this can take a long time depending on the database size)
Checked database schema update
Checking updates of apps
Checked database schema update for apps
Updating database schema
Updated database
Disabled 3rd-party app: calendar
Disabled 3rd-party app: contacts
Updating <files_pdfviewer> …
Updated <files_pdfviewer> to 0.7.1
Update successful
Turned off maintenance mode
Reset log level to 'Warning’
ownCloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)…
Installing Mail-in-a-Box system management daemon…
Installing Munin (system monitoring)…
cffi library ‘_openssl’ has no function, constant or global variable named ‘Cryptography_HAS_SET_ECDH_AUTO’

500 Internal Server Error

Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

Traceback (most recent call last): File "management/ssl_certificates.py", line 807, in provision_certificates_cmdline() File "management/ssl_certificates.py", line 450, in provision_certificates_cmdline status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems) File "management/ssl_certificates.py", line 271, in provision_certificates import requests.exceptions File "/usr/local/lib/python3.4/dist-packages/requests/__init__.py", line 52, in from .packages.urllib3.contrib import pyopenssl File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 47, in import OpenSSL.SSL File "/usr/local/lib/python3.4/dist-packages/OpenSSL/__init__.py", line 8, in from OpenSSL import rand, crypto, SSL File "/usr/local/lib/python3.4/dist-packages/OpenSSL/rand.py", line 12, in from OpenSSL._util import ( File "/usr/local/lib/python3.4/dist-packages/OpenSSL/_util.py", line 6, in from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 207, in Binding.init_static_locks() File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 178, in init_static_locks cls._ensure_ffi_initialized() File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 165, in _ensure_ffi_initialized cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES) File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 104, in build_conditional_library if not getattr(lib, condition): AttributeError: cffi library '_openssl' has no function, constant or global variable named 'Cryptography_HAS_SCRYPT'

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

Traceback (most recent call last):
File “management/status_checks.py”, line 966, in
ssl_certificates = get_ssl_certificates(env)
File “/home/akh/mailinabox/management/ssl_certificates.py”, line 47, in get_ssl_certificates
pem = load_pem(load_cert_chain(fn)[0])
File “/home/akh/mailinabox/management/ssl_certificates.py”, line 765, in load_pem
return serialization.load_pem_private_key(pem, password=None, backend=default_backend())
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/init.py”, line 71, in default_backend
_default_backend = MultiBackend(_available_backends())
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/init.py”, line 28, in _available_backends
"cryptography.backends"
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/init.py”, line 27, in
for ep in pkg_resources.iter_entry_points(
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2297, in resolve
module = import(self.module_name, fromlist=[‘name’], level=0)
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/openssl/init.py”, line 7, in
from cryptography.hazmat.backends.openssl.backend import backend
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/openssl/backend.py”, line 48, in
from cryptography.hazmat.bindings.openssl import binding
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 207, in
Binding.init_static_locks()
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 178, in init_static_locks
cls._ensure_ffi_initialized()
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 165, in _ensure_ffi_initialized
cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 104, in build_conditional_library
if not getattr(lib, condition):
AttributeError: cffi library ‘_openssl’ has no function, constant or global variable named 'Cryptography_HAS_SET_ECDH_AUTO’
https://xxx.xxx.xxx.xxx/admin

You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx

Then you can confirm the security exception and continue.

jean · November 29, 2016, 12:17pm

I have the same problem. After running a sudo mailinabox, I ran into the same error!

Here is the feedback in copy:

FAILED: pip3 install email_validator>=1.0.0
-----------------------------------------
Traceback (most recent call last):
  File "/usr/local/bin/pip3", line 11, in <module>
    load_entry_point('pip==1.5.4', 'console_scripts', 'pip3')()
  File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 565, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 2631, in load_entry_point
    return ep.load()
  File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 2291, in load
    return self.resolve()
  File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 2297, in resolve                                                                                            
    module = __import__(self.module_name, fromlist=['__name__'], level=0)                     
  File "/usr/lib/python3/dist-packages/pip/__init__.py", line 61, in <module>                 
    from pip.vcs import git, mercurial, subversion, bazaar  # noqa                            
  File "/usr/lib/python3/dist-packages/pip/vcs/mercurial.py", line 9, in <module>             
    from pip.download import path_to_url                                                      
  File "/usr/lib/python3/dist-packages/pip/download.py", line 22, in <module>                 
    import requests, six                                                                      
  File "<frozen importlib._bootstrap>", line 2237, in _find_and_load                          
  File "<frozen importlib._bootstrap>", line 2226, in _find_and_load_unlocked                 
  File "<frozen importlib._bootstrap>", line 1191, in _load_unlocked                          
  File "<frozen importlib._bootstrap>", line 1161, in _load_backward_compatible               
  File "/usr/share/python-wheels/requests-2.2.1-py2.py3-none-any.whl/requests/__init__.py", line 53, in <module>                                                                            
  File "<frozen importlib._bootstrap>", line 2237, in _find_and_load                          
  File "<frozen importlib._bootstrap>", line 2226, in _find_and_load_unlocked                 
  File "<frozen importlib._bootstrap>", line 1191, in _load_unlocked                          
  File "<frozen importlib._bootstrap>", line 1161, in _load_backward_compatible               
  File "/usr/share/python-wheels/urllib3-1.7.1-py2.py3-none-any.whl/urllib3/contrib/pyopenssl.py", line 25, in <module>                                                                     
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/__init__.py", line 8, in <module>      
    from OpenSSL import rand, crypto, SSL                                                     
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/rand.py", line 12, in <module>         
    from OpenSSL._util import (                                                               
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/_util.py", line 6, in <module>         
    from cryptography.hazmat.bindings.openssl.binding import Binding                          
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 207, in <module>                                                                      
    Binding.init_static_locks()
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 178, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 165, in _ensure_ffi_initialized
    cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 104, in build_conditional_library
    if not getattr(lib, condition):
AttributeError: cffi library '_openssl' has no function, constant or global variable named 'Cryptography_HAS_SCRYPT'

I can access the web admin interface, but the checks fails and returns with the message: Something went wrong.

I tried to rerun the “mailinabox” setup again, but I’m still getting the same error. I tried to figure out to fix the single error of the email validator, but no chance! I need to get this back running. Please help us!

JoshData · November 29, 2016, 1:37pm

Something strange happened. I also had the same problem after, I think, some Python packages got updated. The problem seems to be some incompatibility between the Python packages pyOpenSSL and cryptography.

I was able to solve this by removing pyOpenSSL and cryptography completely and then re-installing pyOpenSSL:

sudo apt-get -y purge python3-openssl
sudo rm -rf /usr/local/lib/python3.4/dist-packages/{OpenSSL,cryptography}*
sudo pip3 install pyOpenSSL

Then running the Mail-in-a-Box setup again:

sudo mailinabox

(or the curl...|bash command).

(Actually this isn’t exactly what I did, but now that I’ve fixed my box I can’t go back to try out these commands, but they will hopefully work. As a note to self: cryptography is explicitly installed by Mail-in-a-Box setup so it will get installed again. pyOpenSSL isn’t, but it’s depended on by acme, and since acme may already be installed pip won’t look at its dependencies, so we have to explicitly put pyOpenSSL back.)

Let me know whether this fixes things?

jean · November 29, 2016, 2:48pm

Josh! It worked! Thanks a lot, in less then 1 minute, the problem was solved. mailinabox could run through its process without interruption. Thumbs Up!

ccfiel · December 1, 2016, 12:39am

@JoshData

I tried your solution but it did not work. I got this error after I run sudo mailinabox

web updated
Traceback (most recent call last):
  File "management/ssl_certificates.py", line 807, in <module>
    provision_certificates_cmdline()
  File "management/ssl_certificates.py", line 450, in provision_certificates_cmdline
    status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
  File "management/ssl_certificates.py", line 272, in provision_certificates
    import acme.messages
  File "/usr/local/lib/python3.4/dist-packages/acme/messages.py", line 4, in <module>
    from acme import challenges
  File "/usr/local/lib/python3.4/dist-packages/acme/challenges.py", line 9, in <module>
    import OpenSSL
ImportError: No module named 'OpenSSL'

-----------------------------------------------

Your Mail-in-a-Box is running.

Any Idea how to resolve this issue. Thanks in advance.

Chris

ccfiel · December 1, 2016, 1:10am

Ok I solve my problem by adding a command

sudo apt-get install python3-openssl

hondaman · December 1, 2016, 4:31pm

My install is still broken.

mailuser@box:~$ curl -s https://mailinabox.email/setup.sh | sudo bash

FAILED: pip3 install email_validator>=1.0.0

Traceback (most recent call last):
File “/usr/bin/pip3”, line 9, in
load_entry_point(‘pip==1.5.4’, ‘console_scripts’, ‘pip3’)()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 565, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2631, in load_entry_point
return ep.load()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2291, in load
return self.resolve()
File “/usr/local/lib/python3.4/dist-packages/pkg_resources/init.py”, line 2297, in resolve
module = import(self.module_name, fromlist=[‘name’], level=0)
File “/usr/lib/python3/dist-packages/pip/init.py”, line 61, in
from pip.vcs import git, mercurial, subversion, bazaar # noqa
File “/usr/lib/python3/dist-packages/pip/vcs/mercurial.py”, line 9, in
from pip.download import path_to_url
File “/usr/lib/python3/dist-packages/pip/download.py”, line 22, in
import requests, six
File “”, line 2237, in _find_and_load
File “”, line 2226, in _find_and_load_unlocked
File “”, line 1191, in _load_unlocked
File “”, line 1161, in _load_backward_compatible
File “/usr/share/python-wheels/requests-2.2.1-py2.py3-none-any.whl/requests/init.py”, line 53, in
File “”, line 2237, in _find_and_load
File “”, line 2226, in _find_and_load_unlocked
File “”, line 1191, in _load_unlocked
File “”, line 1161, in _load_backward_compatible
File “/usr/share/python-wheels/urllib3-1.7.1-py2.py3-none-any.whl/urllib3/contrib/pyopenssl.py”, line 25, in
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/init.py”, line 8, in
from OpenSSL import rand, crypto, SSL
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/rand.py”, line 12, in
from OpenSSL._util import (
File “/usr/local/lib/python3.4/dist-packages/OpenSSL/_util.py”, line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 207, in
Binding.init_static_locks()
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 178, in init_static_locks
cls._ensure_ffi_initialized()
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 165, in _ensure_ffi_initialized
cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
File “/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 104, in build_conditional_library
if not getattr(lib, condition):
AttributeError: cffi library ‘_openssl’ has no function, constant or global variable named ‘Cryptography_HAS_SCRYPT’

michaelkroes · December 1, 2016, 4:54pm

Could you check the solutions mentioned in this topic Version 0.21 is posted

hondaman · December 1, 2016, 5:03pm

God bless, that fixed it. I get really anxious when my email server is down.

michaelkroes · December 1, 2016, 5:42pm

Good! Glad to hear. It probably wasn’t down, just the management interface I think.

davinian · December 6, 2016, 9:55am

Also had same error upgrading to v0.21b.
FAILED: pip3 install email_validator>=1.0.0
@JoshData your solution above has fixed it for me - cheers

naude · December 27, 2016, 10:10am

Thanks @JoshData on Ubuntu 14.04 doing the 0.21b upgrade had the same error - your pyOpenSSL purge/install was perfect.