How to, and other stuff about linux, photo, php … Another blog just like others on internet

March 12, 2018

Amazon ec2 ami certbot-auto problem

Filed under: Linux — admin @ 11:15 am

Today I tried to renew some SSL certificates, and surprise:


certbot-auto renew
Error: couldn't get currently installed version for /opt/
Traceback (most recent call last):
  File "/opt/", line 7, in <module>
    from certbot.main import main
  File "/opt/", line 10, in <module>
    import josepy as jose
  File "/opt/", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/", line 8, in <module>
    from josepy import errors, util
  File "/opt/", line 4, in <module>
    import OpenSSL
  File "/opt/", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/opt/", line 12, in <module>
    from OpenSSL._util import (
  File "/opt/", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding


Well, I tried everything.

rm -rf /opt/    (didn't work for me)

Reinstalled, same problem.

The only solution was this, found in a comment on GitHub:

$ /opt/ install --upgrade certbot
$ /opt/ --help




January 11, 2017

php 5.6 ssl verify error

Filed under: Linux — admin @ 12:15 pm

New problem in town. A server could not send e-mail using PHP, but could connect using telnet.
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Some error from a PHP class.
Well, it appears that there is no cert on the server.
php -r "print_r(openssl_get_cert_locations());"

[default_cert_file] => /etc/pki/tls/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] => /etc/pki/tls/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] => /etc/pki/tls/private
[default_default_cert_area] => /etc/pki/tls
[ini_cafile] =>
[ini_capath] =>

For me this file was not there.
After I run
I copied the file
/etc/pki/tls/certs/ca-bundle.crt to /etc/pki/tls/cert.pem and it worked.



Today I faced the same problem, but more complicated. The cert.pem was there, but mail was not sending. So how to debug it?

Well, first of all we need to see which root certificate is needed.

So I ran

openssl s_client -crlf -connect

depth=0 C = EN, CN =
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = EN, CN =
verify error:num=21:unable to verify the first certificate
verify return:1


issuer=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA

No client certificate CA names sent


From here we see that we need StartCom Class 1 DV Server CA.

So I searched on Google and found it here

So I downloaded the CA PEM file into /etc/pki/ca-trust/source/anchors/

and after this also ran

update-ca-trust extract

After this all was working fine.
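
The step of reading the missing CA out of the openssl s_client output can be scripted. This is an added example, not part of the original post; the function name missing_issuer and the server CN mail.example.test in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read `openssl s_client` output on stdin and print the CN of
# the issuer that the local trust store could not find.

# Constructed sample, modelled on the output shown in the post
# (the server CN is a placeholder).
SAMPLE_OUTPUT='depth=0 C = EN, CN = mail.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = EN, CN = mail.example.test
verify error:num=21:unable to verify the first certificate
verify return:1
issuer=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA
No client certificate CA names sent'

# Exit status 0 and the issuer CN on stdout when the chain failed because an
# issuer is missing locally; exit status 1 and no output otherwise.
missing_issuer() {
  awk '
    # 2, 20 and 21 are the OpenSSL verify codes for an issuer that is missing.
    /^verify error:num=(2|20|21):/ { broken = 1 }
    /^issuer=/ {
      issuer = $0
      sub(/^issuer=/, "", issuer)
      # Accept both "/C=IL/.../CN=Name" and "C = IL, ..., CN = Name" layouts.
      if (match(issuer, /CN ?= ?.*/)) {
        cn = substr(issuer, RSTART)
        sub(/^CN ?= ?/, "", cn)
        sub("[/,].*$", "", cn)   # drop any attribute that follows the CN
      }
    }
    END {
      if (broken && cn != "") {
        print cn
        exit 0
      }
      exit 1
    }
  '
}

# Live use (HOST:PORT is a placeholder; the verify lines go to stderr):
#   openssl s_client -connect HOST:PORT </dev/null 2>&1 | missing_issuer
printf '%s\n' "$SAMPLE_OUTPUT" | missing_issuer
```

The printed name is the CA certificate to place in /etc/pki/ca-trust/source/anchors/ before running update-ca-trust extract.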



More information can be found here

Trusting additional CAs in Fedora / RHEL / CentOS: an alternative to editing /etc/pki/tls/certs/ca-bundle.crt (or /etc/pki/tls/cert.pem)

and here

October 5, 2015

Comodo intermediate certificate

Filed under: Linux — admin @ 11:22 am

When you install an SSL certificate from Comodo, they send you a zip with 4 files.

If you want to install this on Apache, it should be something like this:

SSLCertificateFile /path/www_domain_com.crt
SSLCertificateKeyFile /path/www_domain_com.key
SSLCACertificateFile /path/intermediate.crt

where intermediate.crt is built with:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > intermediate.crt

December 16, 2014

Setting up HAProxy with SSL

Filed under: Linux — admin @ 2:02 pm

Well, today I was setting up HAProxy to use SSL, and didn't figure out the first time how to get only one file for the PEM.
In HAProxy you have only one file with all certificates.

So the order is this:
cat >>
cat >>
cat intermediate.bundle >>

After this just add the
bind *:443 ssl crt /etc/ssl/
And you will have the right one.

April 23, 2012

Invalid command “SSLEngine”, perhaps misspelled or defined by a module not included in the server configuration

Filed under: Linux — admin @ 3:53 pm

If you get the error below, you should install mod_ssl:
“Invalid command “SSLEngine”, perhaps misspelled or defined by a module not included in the server configuration”
The error message indicates that the module mod_ssl required to run SSL engine on a CentOS server is missing and needs to be installed.
Install the mod_ssl module using yum
yum install mod_ssl
Once it is installed, make sure to restart the Apache service
service httpd restart
