certbot

From: Gerard E. Seibert <jerry_at_seibercom.net>
Date: Sat, 20 Apr 2024 13:16:33 UTC

I am currently running FreeBSD 14.0-RELEASE-p6.

When running the following command from CRON, I receive an error
message.

/usr/local/bin/certbot renew --apache

Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 5, in <module>
    from certbot.main import main
  File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 21, in <module>
    import josepy as jose
  File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", line 40, in <module>
    from josepy.json_util import (
  File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", line 24, in <module>
    from OpenSSL import crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import SSL, crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 9, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 15, in <module>
    from cryptography.exceptions import InternalError
  File "/usr/local/lib/python3.9/site-packages/cryptography/exceptions.py", line 9, in <module>
    from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
RuntimeError: OpenSSL 3.0's legacy provider failed to load. This is a fatal error by default, but cryptography supports running without legacy algorithms by setting the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error, you have likely made a mistake with your OpenSSL configuration.

If I run the command from the command line, it works as expected. I did
place the following in the environment: CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1

I have the latest version of OpenSSL installed:
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)

Why does this failure occur only when I run the command from CRON, not
the command line?

I Googled this problem and found this solution:

vi /usr/local/bin/certbot

after import sys:
import os
os.environ['CRYPTOGRAPHY_OPENSSL_NO_LEGACY'] = '1'

Before I do something that might compromise my system, I want to
confirm that this is how to correct the problem. This is the present
content:

# -*- coding: utf-8 -*-
import re
import sys
from certbot.main import main
if __name__ == "__main__":
    sys.argv[0] = re.sub(r"(-script\.pyw|\.exe)?$", "", sys.argv[0])
    sys.exit(main())

When inserting the new text, do I remove everything after “import sys”?

I still do not understand why this error only happens from CRON.
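
Added example (not part of the original message and not certbot's own code): cron starts jobs with a small fixed environment and does not read the login shell's startup files, so a variable exported interactively is not visible to the job. The sketch below reproduces that difference; the helper names and the exact cron-like variable set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Illustration only: compare what a child process sees for
# CRYPTOGRAPHY_OPENSSL_NO_LEGACY in three situations.

# Run a command with only the few variables a cron job typically receives.
# The values are an assumed approximation of cron's defaults.
cron_like() {
    env -i HOME="${HOME:-/}" LOGNAME="${LOGNAME:-root}" SHELL=/bin/sh \
        PATH=/sbin:/bin:/usr/sbin:/usr/bin "$@"
}

# Start a child shell through the given launcher and print the value it
# sees for the variable, or "unset" when it is absent.
probe() {
    "$@" /bin/sh -c 'echo "${CRYPTOGRAPHY_OPENSSL_NO_LEGACY:-unset}"'
}

# 1. Interactive shell: the variable was exported, the child inherits it.
shell_view() (
    export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
    probe env
)

# 2. Same export, but the child is started the way cron would start it:
#    the exported value never reaches the job.
cron_view() (
    export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
    probe cron_like
)

# 3. The variable is attached to the job itself. This models either a
#    NAME=value line in the crontab or an "env NAME=value" prefix on the
#    command, instead of relying on the login environment.
cron_view_with_assignment() (
    export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
    probe cron_like env CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
)

echo "interactive shell:        $(shell_view)"
echo "cron-like environment:    $(cron_view)"
echo "cron-like + assignment:   $(cron_view_with_assignment)"
```

Setting the variable on the job this way leaves /usr/local/bin/certbot unmodified, so the setting is not lost when the package is upgraded and the script is replaced.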