[solved] Error when upgrading in management/ssl_certificates.py

Possibly related to: OpenSSL error when running ssl_certificates.py

I just tried to upgrade to v0.22. This caused some stack traces to be thrown by management/ssl_certificates.py.

I’ve

  1. Upgraded Ubuntu 14.04’s packages
  2. Re-run sudo mailinabox
  3. Restarted the box.

With no luck.

Here’s the full log:

Mail-in-a-Box Version:  v0.22

Updating system packages...
Installing system packages...
Initializing system random number generator...
Firewall is active and enabled on system startup
Installing nsd (DNS server)...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Installing ownCloud (contacts/calendar)...
ownCloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)...
Installing Mail-in-a-Box system management daemon...
Installing Munin (system monitoring)...
[FATAL ERROR] Lock already exists: /var/run/munin/munin-update.lock. Dying.
 at /usr/share/perl5/Munin/Master/Update.pm line 128.
cffi library '_openssl' has no function, constant or global variable named 'Cryptography_HAS_EVP_PKEY_DHX'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request.  Either the server is overloaded or there is an error in the application.</p>
Traceback (most recent call last):
  File "management/ssl_certificates.py", line 809, in <module>
    provision_certificates_cmdline()
  File "management/ssl_certificates.py", line 452, in provision_certificates_cmdline
    status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
  File "management/ssl_certificates.py", line 271, in provision_certificates
    import requests.exceptions
  File "/usr/local/lib/python3.4/dist-packages/requests/__init__.py", line 52, in <module>
    from .packages.urllib3.contrib import pyopenssl
  File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 46, in <module>
    import OpenSSL.SSL
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 141, in <module>
    Binding.init_static_locks()
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 122, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 109, in _ensure_ffi_initialized
    cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 69, in build_conditional_library
    if not getattr(lib, condition):
AttributeError: cffi library '_openssl' has no function, constant or global variable named 'Cryptography_HAS_SET_ECDH_AUTO'

-----------------------------------------------

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

Traceback (most recent call last):
  File "management/status_checks.py", line 990, in <module>
    ssl_certificates = get_ssl_certificates(env)
  File "/home/nilsnh/mailinabox/management/ssl_certificates.py", line 46, in get_ssl_certificates
    pem = load_pem(load_cert_chain(fn)[0])
  File "/home/nilsnh/mailinabox/management/ssl_certificates.py", line 769, in load_pem
    return load_pem_x509_certificate(pem, default_backend())
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/__init__.py", line 74, in default_backend
    _default_backend = MultiBackend(_available_backends())
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/__init__.py", line 31, in _available_backends
    "cryptography.backends"
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/__init__.py", line 30, in <listcomp>
    for ep in pkg_resources.iter_entry_points(
  File "/usr/local/lib/python3.4/dist-packages/pkg_resources/__init__.py", line 2308, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 49, in <module>
    from cryptography.hazmat.bindings.openssl import binding
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 141, in <module>
    Binding.init_static_locks()
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 122, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 109, in _ensure_ffi_initialized
    cls.lib = build_conditional_library(lib, CONDITIONAL_NAMES)
  File "/usr/local/lib/python3.4/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 69, in build_conditional_library
    if not getattr(lib, condition):
AttributeError: cffi library '_openssl' has no function, constant or global variable named 'Cryptography_HAS_SCRYPT'


You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

B1:C8:A4:8D:65:69:D4:72:76:5D:4E:26:8F:B9:BB:5B:46:F9:B7:8F:B6:54:BE:92:B2:31:C2:C1:2F:DD:53:4B

Then you can confirm the security exception and continue.

Thoughts

After running into this error I can’t log into the admin panel. I get to the status page but I only get a popup saying that “something went wrong sorry.”

I’ve been using mailinabox for a while now, so for the admin panel I have a Comodo-signed certificate. It might be what OpenSSL is erroring out on, but I’m unsure. Will try to debug a little more, but any pointers/tips would be greatly appreciated.

So I got further thanks to the upgrade instructions for 0.21. I didn’t know there were significant upgrade steps other than simply running curl -s https://mailinabox.email/setup.sh | sudo bash

I then hit this other stack trace:

Mail-in-a-Box Version:  v0.22

Updating system packages...
Installing system packages...
Initializing system random number generator...
Firewall is active and enabled on system startup
Installing nsd (DNS server)...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Installing ownCloud (contacts/calendar)...
ownCloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)...
Installing Mail-in-a-Box system management daemon...
Installing Munin (system monitoring)...
updated DNS: OpenDKIM configuration
Traceback (most recent call last):
  File "management/ssl_certificates.py", line 809, in <module>
    provision_certificates_cmdline()
  File "management/ssl_certificates.py", line 452, in provision_certificates_cmdline
    status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
  File "management/ssl_certificates.py", line 337, in provision_certificates
    logger=my_logger)
  File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/client.py", line 76, in issue_certificate
    (cert_pem, chain) = request_certificate_issuance(client, challenges, csr, logger)
  File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/client.py", line 210, in request_certificate_issuance
    cert_pem = cert_to_pem(cert_response.body)
  File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/client.py", line 217, in cert_to_pem
    return OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
TypeError: must be X509, not ComparableX509

-----------------------------------------------

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

Hmm. :thinking: Will try to google/debug some more.

Solved the previous post’s error:

TypeError: must be X509, not ComparableX509

by following the instructions in this GitHub comment: https://github.com/mail-in-a-box/mailinabox/issues/1101#issuecomment-281026627

In short, you need to run sudo pip3 uninstall pyOpenSSL at least twice in order to remove package conflicts before reinstalling by running sudo pip3 install pyOpenSSL.

After this I ran sudo mailinabox with no errors! :tada:

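A way to check for the kind of package conflict described in the fix above, added here as an example and not part of the original posts or of Mail-in-a-Box: it lists every copy of a distribution whose metadata is found on the Python path. It assumes the conflict comes from more than one installed copy of pyOpenSSL, in which case a single pip3 uninstall leaves another copy behind; the function names and the sample directory layout are constructed for illustration.

```python
import os
import re
import sys
import tempfile

# Metadata entries look like pyOpenSSL-<version>.dist-info or
# pyOpenSSL-<version>-py3.4.egg-info (directory or plain file).
_META = re.compile(
    r"^(?P<name>[^-]+)-(?P<version>[^-]+?)(-.*)?\.(dist-info|egg-info)$")

def _norm(name):
    """Compare names the way pip does: case-insensitive, -, _ and . equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def find_copies(dist_name, search_path=None):
    """Return [(directory, version), ...] for every copy found on the path."""
    wanted, seen, found = _norm(dist_name), set(), []
    for entry in (sys.path if search_path is None else search_path):
        real = os.path.realpath(entry or ".")
        if real in seen or not os.path.isdir(real):
            continue  # skip duplicate path entries, zip files, missing dirs
        seen.add(real)
        for item in os.listdir(real):
            m = _META.match(item)
            if m and _norm(m.group("name")) == wanted:
                found.append((real, m.group("version")))
    return sorted(found)

def conflicts(dist_names, search_path=None):
    """Map each distribution installed more than once to its copies."""
    result = {}
    for name in dist_names:
        copies = find_copies(name, search_path)
        if len(copies) > 1:
            result[name] = copies
    return result

def build_sample_tree():
    """Constructed layout: two pyOpenSSL copies, one cryptography copy."""
    base = tempfile.mkdtemp()
    layout = {"system": ["pyOpenSSL-1.0.egg-info"],
              "local": ["pyOpenSSL-2.0.dist-info", "cryptography-2.0.dist-info"]}
    for sub, names in layout.items():
        for n in names:
            os.makedirs(os.path.join(base, sub, n))
    return [os.path.join(base, "system"), os.path.join(base, "local")]

if __name__ == "__main__":
    for name, copies in conflicts(["pyOpenSSL", "cryptography"]).items():
        print(name, "is installed more than once:", copies)
```

Run with the same interpreter the management scripts use (python3 on the box in this thread) so that sys.path matches what those scripts import from.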