[Fix] ImportError: ‘pyOpenSSL’ module missing required functionality. Try upgrading to v0.14 or newer.

Danila Vershinin
Mar 23, 2018 · 2 min read

Basically a quick fix for renewing certificates via Certbot on CentOS 7.4 machines.

The Problem

When running certbot commands, you get an error like the following:

ImportError: ‘pyOpenSSL’ module missing required functionality. Try upgrading to v0.14 or newer.

The Research

In multiple places all over the web, you would see engineers reporting that pyOpenSSL package which comes with CentOS 7 is too old for certbot.

But due to my line of work, I know for sure it’s not. There are dozens of CentOS 7 servers where certbot runs just fine and I had an issue only on one particular server of my own.

Of course, you can check that your pyOpenSSL is of version 0.13.1, and the error wants you to get a newer one 0.14. Thus those “engineers” even go as far as building custom RPM packages for newer pyOpenSSL :D

The Reason

As a torrent lover, I have once installed the wonderful Flexget via pip. This, of course, mixed the pip install packages via system ones. So the problem getting this error is not the outdated pyOpenSSL. It is the other pip installed packages which rely on it.

The Solution

I have simply removed pip installed packages, then reinstalled the system ones:

pip uninstall requests
yum reinstall python-requests

pip uninstall six
yum reinstall python-six

pip uninstall urllib3
yum reinstall python-urllib3

The certbot is now back to work renewing its certificates.

Conclusion?

Never mix system Python packages with the ones coming from pip. Use virtualenv.

Danila Vershinin

Written by

Performance Oriented DevOp