[solved] add domain: error module 'lib' has no attribute 'X509_get_notAfter'

wbk · January 7, 2022, 5:58pm

Hi all,

I am unable to add a new subdomain to my Yunohost.

Server hardware architecture is lxc amd64
Server is running Linux kernel 5.11.22-5-pve
Server is running Debian 10.11
Server is running YunoHost 4.3.5 (stable)

Yunohost update tells me the system is up-to-date, apt also does not have any updates.

The first time I try to add a specific domain, there is some log. When I try to add the same domain again, it crashes immediately.

‘First time’ log: https://paste.yunohost.org/raw/fanecihuvu

‘Second time’ log: https://paste.yunohost.org/raw/veqewadayu

When I try to add a subdomain to any domain, I get the same errors. Adding a completely new domain also does not work.

The same error applies whether I use the web interface or the CLI.

The ‘X509_get_notAfter’ can be found online more often, but I did not get any hits on the forum. Anyone else observing this behaviour?

Aleks · January 7, 2022, 7:11pm

Hmokay … let’s have a look at the output of dpkg --list | grep ssl maybe

wbk · January 7, 2022, 7:31pm

That gives me

# dpkg --list | grep ssl 
ii  libevent-openssl-2.1-6:amd64          2.1.8-stable-4                                                           amd64        Asynchronous event notification library (openssl)
ii  libflac8:amd64                        1.3.2-3                                                                  amd64        Free Lossless Audio Codec - runtime C library
ii  libgnutls-openssl27:amd64             3.6.7-4+deb10u7                                                          amd64        GNU TLS library - OpenSSL wrapper
ii  libio-socket-ssl-perl                 2.060-3                                                                  all          Perl module implementing object oriented interface to SSL sockets
ii  libnet-smtp-ssl-perl                  1.04-1                                                                   all          Perl module providing SSL support to Net::SMTP
ii  libnet-ssleay-perl                    1.85-2+b1                                                                amd64        Perl module for Secure Sockets Layer (SSL)
ii  libssl-dev:amd64                      1.1.1d-0+deb10u7                                                         amd64        Secure Sockets Layer toolkit - development files
ii  libssl-doc                            1.1.1j-1+0~20210220.23+debian10~1.gbp2578a0                              all          Secure Sockets Layer toolkit - development documentation
ii  libssl1.0.2:amd64                     1.0.2u-1~deb9u3                                                          amd64        Secure Sockets Layer toolkit - shared libraries
ii  libssl1.1:amd64                       1.1.1d-0+deb10u7                                                         amd64        Secure Sockets Layer toolkit - shared libraries
ii  libwavpack1:amd64                     5.1.0-6                                                                  amd64        audio codec (lossy and lossless) - library
ii  libzstd1:amd64                        1.4.8+dfsg-2+0~20210302.3+debian10~1.gbp8effd2                           amd64        fast lossless compression algorithm
ii  openssl                               1.1.1d-0+deb10u7                                                         amd64        Secure Sockets Layer toolkit - cryptographic utility
ii  perl-openssl-defaults:amd64           3                                                                        amd64        version compatibility baseline for Perl OpenSSL packages
ii  python3-openssl                       19.0.0-1                                                                 all          Python 3 wrapper around the OpenSSL library
ii  ssl-cert                              1.0.39                                                                   all          simple debconf wrapper for OpenSSL
#

That is 16 lines, vs 12 on another Yunohost that does not have a problem.

This one (with problem) has more apps installed and backports is enabled (I think I enabled them way back for a Matrix-bridge…)

The differences, these are extra on the broken installation:

libevent-openssl-2.1-6:amd64          2.1.8-stable-4 
libflac8:amd64                        1.3.2-3  
libssl-doc                            1.1.1j-1+0~20210220.23+debian10~1.gbp2578a0
libssl1.0.2:amd64                     1.0.2u-1~deb9u3

These are another version (here=broken, there=ok)

here  libzstd1:amd64                        1.4.8+dfsg-2+0~20210302.3+debian10~1.gbp8effd2  
there libzstd1:amd64                        1.3.8+dfsg-3+deb10u2

The broken one got two versions of libssl, 1.0.2 and 1.1:

libssl1.0.2:amd64                     1.0.2u-1~deb9u3   
libssl1.1:amd64                       1.1.1d-0+deb10u7

Aleks · January 7, 2022, 7:52pm

Hmyeah but it looks okay though … For example on my RPi I do have 3 versions of libssl and that’s alright

What really matters here i think is the version of openssl and python3-openssl … maybe libssl1.1 too

Anyway : let’s also maybe have a look at ls -ld /usr/local/lib/python3*/dist-packages/*

I’m suspecting that some python lib installed with pip could trigger some inconsistency

Let’s also have a look at dpkg --list | grep crypt | grep python3

wbk · January 7, 2022, 7:55pm

For those differences:

# apt-cache rdepends libevent-openssl-2.1-6:amd64 
libevent-openssl-2.1-6
Reverse Depends:
  libevent-dev
  coturn
  sslsplit
  libspdylay-utils
  libradsec0
  libevhtp0
  coturn

# apt-cache rdepends libflac8:amd64
libflac8
Reverse Depends:
  libflac-dev
  polyphone
  kodi-audioencoder-flac
  cmus
  butt
  chromium-shell
  ...
  ... 
  # too many, probably Peertube dependencies/recommends; media, but not SSL related it seems

# apt-cache rdepends libssl-doc 
libssl-doc
Reverse Depends:
  libssl-dev

# apt-cache rdepends libssl1.0.2:amd64 
libssl1.0.2
Reverse Depends:
  libbind9-140
  libisccfg140
  libirs141
  libdns162
  libdns-export162
 |librhash0
 |rhash

# the gbp8effd2-version of libzstd1
# apt-cache rdepends libzstd1:amd64
libzstd1
Reverse Depends:
  libzstd-dev
  libzim6
  ugrep
  tor
  systemd
  libsystemd0
  ...
  ... 
  borgbackup
  libboost-iostreams1.74.0
  libboost-iostreams1.71.0
  php8.1-zstd
  php8.1-redis
  php8.1-mongodb
  ...
  ...

I don’t know how to make a cross-section between the dependencies and installed packages though.

wbk · January 7, 2022, 7:56pm

Ok, looking into it, thanks!

Aleks · January 7, 2022, 7:57pm

(libzstd is unrelated, it’s a “lossless compression algorithm” for audio stuff, it’ just that “lossless” contains “ssl” )

wbk · January 7, 2022, 7:58pm

That is quite a bunch,

# ls -ld /usr/local/lib/python3*/dist-packages/*
drwxr-sr-x  5 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/aiofiles
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/aiofiles-0.7.0.dist-info
drwxr-sr-x  6 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/ajsonrpc
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/ajsonrpc-1.2.0.dist-info
-rw-r--r--  1 root staff    606 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/alldefconfig.py
-rw-r--r--  1 root staff   1221 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/allmodconfig.py
-rw-r--r--  1 root staff   1217 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/allnoconfig.py
-rw-r--r--  1 root staff   1685 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/allyesconfig.py
drwxr-sr-x  7 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/anyio
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/anyio-3.4.0.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/asgiref
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/asgiref-3.4.1.dist-info
drwxr-sr-x  4 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/backports
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/backports.zoneinfo-0.2.1.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/bitstring-3.1.9.dist-info
-rwxr-xr-x  1 root staff 179627 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/bitstring.py
drwxr-sr-x  3 root staff   4096 Dec 23 19:41 /usr/local/lib/python3.7/dist-packages/cffi
drwxr-sr-x  2 root staff   4096 Dec 23 19:41 /usr/local/lib/python3.7/dist-packages/cffi-1.15.0.dist-info
-rwxr-xr-x  1 root staff 715816 Dec 23 19:41 /usr/local/lib/python3.7/dist-packages/_cffi_backend.cpython-37m-x86_64-linux-gnu.so
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/click
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/click-8.0.3.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/colorama
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/colorama-0.4.4.dist-info
drwxr-sr-x  5 root staff   4096 Dec 23 20:11 /usr/local/lib/python3.7/dist-packages/cryptography
drwxr-sr-x  2 root staff   4096 Dec 23 20:11 /usr/local/lib/python3.7/dist-packages/cryptography-36.0.1.dist-info
-rw-r--r--  1 root staff   1151 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/defconfig.py
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/ecdsa
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/ecdsa-0.17.0.dist-info
drwxr-sr-x  8 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/elftools
-rw-r--r--  1 root staff   6748 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/espefuse.py
drwxr-sr-x  6 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/esphome
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/esphome-2021.12.2.dist-info
drwxr-sr-x  4 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/esphome_dashboard
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/esphome_dashboard-20211211.0.dist-info
drwxr-sr-x  4 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/espressif
-rw-r--r--  1 root staff  44943 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/espsecure.py
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/esptool-3.2.dist-info
-rw-r--r--  1 root staff 255275 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/esptool.py
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/examples
-rw-r--r--  1 root staff   5326 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/genconfig.py
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/google
-rw-r--r--  1 root staff  73635 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/guiconfig.py
drwxr-sr-x  4 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/h11
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/h11-0.12.0.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/idna
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/idna-3.3.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/ifaddr
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/ifaddr-0.1.7.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/importlib_metadata
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/importlib_metadata-4.10.0.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/kconfiglib-13.7.1.dist-info
-rw-r--r--  1 root staff 259245 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/kconfiglib.py
-rw-r--r--  1 root staff   2618 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/listnewconfig.py
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/marshmallow
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/marshmallow-3.14.1.dist-info
-rw-r--r--  1 root staff 104221 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/menuconfig.py
drwxr-sr-x  5 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/noise
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/noiseprotocol-0.3.1.dist-info
-rw-r--r--  1 root staff   8079 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/oldconfig.py
-rw-r--r--  1 root staff    760 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/olddefconfig.py
drwxr-sr-x  4 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/paho
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/paho_mqtt-1.6.1.dist-info
drwxr-sr-x  5 root staff   4096 Dec 23 19:43 /usr/local/lib/python3.7/dist-packages/pip
drwxr-sr-x  2 root staff   4096 Dec 23 19:43 /usr/local/lib/python3.7/dist-packages/pip-21.3.1.dist-info
drwxr-sr-x 12 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/platformio
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/platformio-5.2.2.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/protobuf-3.19.1.dist-info
-rw-r--r--  1 root staff    539 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/protobuf-3.19.1-nspkg.pth
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/__pycache__
drwxr-sr-x  4 root staff   4096 Dec 23 19:41 /usr/local/lib/python3.7/dist-packages/pycparser
drwxr-sr-x  2 root staff   4096 Dec 23 19:41 /usr/local/lib/python3.7/dist-packages/pycparser-2.21.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/pyelftools-0.27.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/pyserial-3.5.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/pytz_deprecation_shim
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/pytz_deprecation_shim-0.1.0.post0.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/PyYAML-6.0.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/reedsolo-1.5.4.dist-info
-rw-r--r--  1 root staff  70730 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/reedsolo.py
-rw-r--r--  1 root staff   1332 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/savedefconfig.py
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/scripts
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/semantic_version
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/semantic_version-2.8.5.dist-info
drwxr-sr-x  6 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/serial
-rw-r--r--  1 root staff   2663 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/setconfig.py
drwxr-sr-x  4 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/sniffio
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/sniffio-1.2.0.dist-info
drwxr-sr-x  4 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/starlette
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/starlette-0.16.0.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/tabulate-0.8.9.dist-info
-rw-r--r--  1 root staff  62917 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/tabulate.py
drwxr-sr-x  5 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/tornado
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/tornado-6.1.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/typing_extensions-4.0.1.dist-info
-rw-r--r--  1 root staff  87149 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/typing_extensions.py
drwxr-sr-x  4 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/tzdata
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/tzdata-2021.5.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/tzlocal
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/tzlocal-4.1.dist-info
drwxr-sr-x  9 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/uvicorn
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/uvicorn-0.15.0.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/voluptuous
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/voluptuous-0.12.2.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/wsproto
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/wsproto-1.0.0.dist-info
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/_yaml
drwxr-sr-x  3 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/yaml
drwxr-sr-x  6 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/zeroconf
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/zeroconf-0.36.13.dist-info
drwxr-sr-x  2 root staff   4096 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/zipp-3.6.0.dist-info
-rw-r--r--  1 root staff   8425 Dec 23 19:31 /usr/local/lib/python3.7/dist-packages/zipp.py
#

That one is easier to digest,

dpkg --list | grep crypt | grep python3
ii  python3-asn1crypto                    0.24.0-1                                                                 all          Fast ASN.1 parser and serializer (Python 3)
ii  python3-bcrypt                        3.1.6-1                                                                  amd64        password hashing library for Python 3
ii  python3-crypto                        2.6.1-9+b1                                                               amd64        cryptographic algorithms and protocols for Python 3
ii  python3-cryptography                  2.6.1-3+deb10u2                                                          amd64        Python library exposing cryptographic recipes and primitives (Python 3)
#

, I got what I asked for

wbk · January 7, 2022, 8:01pm

I see all Python is 3.7, my Python might be on manual. Let me check, first open the door over here

Aleks · January 7, 2022, 8:13pm

I’m thinking that may be related, though that would be quite weird that any version of that package would not ship x509 bindings

Can you share the output of

python3 -c "import cryptography; print(cryptography)"

and

python3 -c "import cryptography.hazmat.bindings._openssl; print(cryptography.hazmat.bindings._openssl)"

wbk · January 7, 2022, 8:27pm

# python3 -c "import cryptography; print(cryptography)"
<module 'cryptography' from '/usr/local/lib/python3.7/dist-packages/cryptography/__init__.py'>

and

# python3 -c "import cryptography.hazmat.bindings._openssl; print(cryptography.hazmat.bindings._openssl)"
<module 'cryptography.hazmat.bindings._openssl' from '/usr/local/lib/python3.7/dist-packages/cryptography/hazmat/bindings/_openssl.abi3.so'>

By the way,

there is no update-alternatives for Python It’s PHP that is manual at 7.3

wbk · January 7, 2022, 8:47pm

There has been an update of Python cryptography not too long ago,

# ls /usr/local/lib/python3.7/dist-packages/cryptography/ -hals
total 48K
4.0K -rw-r--r--  1 root staff  417 Dec 23 20:11 __about__.py.
..
4.0K drwxr-sr-x  3 root staff 4.0K Dec 23 20:11 x509

Let me try (edited for brevity)

# apt remove python3-crypto
...
# apt install python3-crypto
# yunohost domain add example.com
Info: The operation 'Add 'example.com' domain into system configuration' could not be completed. 
....
AttributeError: module 'lib' has no attribute 'X509_get_notAfter'

TL;DR: that didn’t do the trick

wbk · January 7, 2022, 8:53pm

edit, moved apt-story to the post above

wbk · January 7, 2022, 9:02pm

The initial error points at line 1407 of python OpenSSL/crypto.py, it is the :return-line in the text below:

    def get_subject(self):
        """
        Return the subject of this certificate.

        This creates a new :class:`X509Name` that wraps the underlying subject
        name field on the certificate. Modifying it will modify the underlying
        certificate, and will have the effect of modifying any other
        :class:`X509Name` that refers to this subject.

        :return: The subject of this certificate.
        :rtype: :class:`X509Name`
        """
        name = self._get_name(_lib.X509_get_subject_name)
        self._subject_invalidator.add(name)
        return name

the lines of the log are:

Aleks · January 7, 2022, 9:07pm

So the explanation is that something (probably an app ? can you think which one ? maybe one of the matrix bridge you mentionned?) globally installed “cryptography” using pip - instead of doing so in a virtualenv

That breaks yunohost’s python code because in python, by default, modules located in /usr/local/lib gets the priority over the one installed in /usr/lib (= by the distribution)

The fix should be to run “pip3 remove cryptography”, but that might break the app that needs it

wbk · January 7, 2022, 9:09pm

Fixing the app in that case is next up, I’ll first try unpipping cryptography!

wbk · January 7, 2022, 9:18pm

Uninstalling cryptography-36.0.1:
  Would remove:
    /usr/local/lib/python3.7/dist-packages/cryptography-36.0.1.dist-info/*
    /usr/local/lib/python3.7/dist-packages/cryptography/*
Proceed (Y/n)? y
  Successfully uninstalled cryptography-36.0.1

Ok, I don’t know which packages I’m missing now:


  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ModuleNotFoundError: No module named 'cryptography'

Python3 crypto(graphy, tried both) is the newest version:

apt install python3-crypto
Reading package lists... Done
Building dependency tree       
Reading state information... Done
python3-crypto is already the newest version (2.6.1-9+b1).

It seems I at least still got the same four Python3 crypt-packages as earlier.
Do I need to update a path for Python or something like that?

wbk · January 7, 2022, 9:21pm

Wohoo, reinstall did the trick:

root@online:~# apt reinstall python3-cryptography

and now:

root@online:~# yunohost domain add example.com
Success! Self-signed certificate now installed for the domain 'example.com'
Success! Configuration updated for 'metronome'
Success! Configuration updated for 'nginx'
Success! Configuration updated for 'postfix'
Success! Configuration updated for 'dnsmasq'
Success! Domain created

Pity I don’t have the pip anymore, tracking the date could have given a hint why or what I installed. I’ll update the thread if I ever find out (within the month grace-period)

wbk · January 7, 2022, 9:25pm

Thanks a lot for your patience and help, I learned a lot tonight!

Aleks · January 7, 2022, 9:52pm

The date is there ^ Dec 23 20:11