Jack Moore

Email: jack(at)jmoore53.com
Project Updates

EC2 - No Module Named Cryptography

09 Oct 2019 » AWS, website, production

Error Shows up like this from the Top Rope when attempting to install Certbot Certs for my HTTPS sites on my EC2 Image:

Requesting to rerun /opt/letsencrypt/certbot-auto with root privileges...
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 7, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 7, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography

I have seen this before which is what really gets me.

Certbot Up

After gettting the certbot up with this HotFix on AWS Linux I was able to run the certbot-auto command.

# rm -rf /opt/eff.org/*
# sudo /usr/bin/local/pip install -U certbot
# 

After running ./certbot-auto --debug I had to ^C out of there because my site wasn’t listed for a renewal, Great. I realized I hadn’t linked the site in /etc/nginx/sites-available to /etc/nginx/sites-enabled so certbot wasn’t picking up on my available site.

For the life of me, I truly can never remember the command to symbolically link (symlink) sites-available to sites-enabled

ln -s /etc/nginx/sites-available/site.conf /etc/nginx/sites-enabled/site.conf

Back to Certbot

I then proceeded to update the certificates without issue. From the output, I stored the location of the letsencrypt certs:

/etc/letsencrypt/live/itsltns.io/fullchain.pem
/etc/letsencrypt/live/itsltns.io/privkey.pem

These two locations would point me to my public and private keys. (As a gentle reminder: don’t share private keys!)

Let’s Encrypt SSL for Nginx in Amazon Linux AMI instance

# Install wget
yum install wget -y

# Install certbot-auto
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

# Obtain SSL certificate with Nginx plugin for the domain
sudo ./certbot-auto --nginx -d app.com --debug

# Test SSL configuration
https://www.ssllabs.com/ssltest/analyze.html?d=app.com

# Configure cron job for SSL auto-renewal
sudo crontab -e

# Add below line in crontab
0 6 * * * /home/ec2-user/certbot-auto renew --text >> /home/ec2-user/certbot-cron.log
© Jack Moore - This site was last built Fri 30 Aug 2024 12:31:24 PM EDT