starred/docker-nginx-full
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/docker-nginx-full.git synced 2026-04-24 22:55:58 +03:00
Code Issues 19 Projects Releases Packages Wiki Activity

[GH-ISSUE #24] AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' while running certbot #11

New issue
Open
opened 2026-02-27 14:58:06 +03:00 by kerem · 0 comments
kerem commented 2026-02-27 14:58:06 +03:00
Owner
Copy link

Originally created by @mrvelic on GitHub (Nov 15, 2023).
Original GitHub issue: https://github.com/NginxProxyManager/docker-nginx-full/issues/24

Getting this stack trace when running certbot with a DNS challenge (dns-azure):

Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in <module>
    from certbot.main import main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in <module>
    import josepy as jose
  File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in <module>
    from josepy.json_util import (
  File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in <module>
    from OpenSSL import crypto
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in <module>
    class X509StoreFlags(object):
  File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

Am running this from the nginx-proxy-manager, but I saw this container is the base container with certbot so figured it was the appropriate place to raise the issue.

From looking up the stack trace, it seems to be related to a dependency mismatch in pyopenssl:
https://stackoverflow.com/questions/73830524/attributeerror-module-lib-has-no-attribute-x509-v-flag-cb-issuer-check

Getting a shell in the container and activating the certbot venv then updating pip and pyopenssl immediately solves the problem (at least until next pull / redeploy). I was happy to put up a PR to include pyopenssl in the pip install for Dockerfile.certbot but I didn't want to create any potential knock on effects for things I may not be aware of, so just reporting it first.

source /opt/certbot/bin/activate
pip install pip --upgrade
pip install pyopenssl --upgrade
Originally created by @mrvelic on GitHub (Nov 15, 2023). Original GitHub issue: https://github.com/NginxProxyManager/docker-nginx-full/issues/24 Getting this stack trace when running certbot with a DNS challenge (dns-azure): ``` Traceback (most recent call last): File "/usr/bin/certbot", line 5, in <module> from certbot.main import main File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 6, in <module> from certbot._internal import main as internal_main File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 21, in <module> import josepy as jose File "/opt/certbot/lib/python3.7/site-packages/josepy/__init__.py", line 40, in <module> from josepy.json_util import ( File "/opt/certbot/lib/python3.7/site-packages/josepy/json_util.py", line 14, in <module> from OpenSSL import crypto File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1517, in <module> class X509StoreFlags(object): File "/opt/certbot/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1537, in X509StoreFlags CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' ``` Am running this from the nginx-proxy-manager, but I saw this container is the base container with certbot so figured it was the appropriate place to raise the issue. From looking up the stack trace, it seems to be related to a dependency mismatch in pyopenssl: https://stackoverflow.com/questions/73830524/attributeerror-module-lib-has-no-attribute-x509-v-flag-cb-issuer-check Getting a shell in the container and activating the certbot venv then updating pip and pyopenssl immediately solves the problem (at least until next pull / redeploy). I was happy to put up a PR to include pyopenssl in the pip install for Dockerfile.certbot but I didn't want to create any potential knock on effects for things I may not be aware of, so just reporting it first. ``` source /opt/certbot/bin/activate pip install pip --upgrade pip install pyopenssl --upgrade ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
http3
certbot4
brotli
No results found.
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-nginx-full#11
No description provided.