Installing Python 3.11 with SSL on Ubuntu 16.04

Note: I originally posted this on StackOverflow, and a user there suggested it was better suited for here. I’m going to remove the question there, but just wanted to disclose.

I am trying to get a version of Python 3.11 (or other recent version) working with SSL support so I can get certbot working. I have tried installing with apt and building from source. Neither works. Below are descriptions of both approaches. I don’t need both fixed, I just need one to work, and I don’t really care which.

I am running on a VPS and cannot install a different version of Ubuntu.

Proof of brokenness:

$ python3 -V
Python 3.11.3
$ sudo python3 -m venv /opt/certbot/
$ /opt/certbot/bin/pip install --upgrade pip
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Requirement already satisfied: pip in /opt/certbot/lib/python3.11/site-packages (22.3.1)
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping
WARNING: There was an error checking the latest version of pip.

Also:

$ python3 -m ssl
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/usr/local/lib/python3.11/ssl.py", line 100, in <module>
    import _ssl             # if we can't import it, let the error propagate
    ^^^^^^^^^^^
ModuleNotFoundError: No module named '_ssl'

OpenSSL is installed:

$ openssl version
OpenSSL 3.1.3 19 Sep 2023 (Library: OpenSSL 3.1.3 19 Sep 2023)

libssl-dev is installed:

$ sudo apt-get install openssl libssl-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl-dev is already the newest version (1.0.2g-1ubuntu4.20).
openssl is already the newest version (1.0.2g-1ubuntu4.20).
0 upgraded, 0 newly installed, 0 to remove and 92 not upgraded.

Build From Source

I’ve tried many things, including scrupulously following the instructions on the selected answer below, which includes building openssl from source and building python from source. It appears that python just can’t find ssl.

https://stackoverflow.com/questions/73407527/installing-ssl-package-with-pip-requires-ssl-package-to-be-already-installed

Key things to note are my Python build command:

$ sudo ./configure --with-openssl=/usr  --enable-optimizations

and proof that openssl lives where I say it does:

$ ls /usr/include/openssl/ssl.h
/usr/include/openssl/ssl.h

Here is a snippet of the output from the python build:

The necessary bits to build these optional modules were not found:
_hashlib              _lzma                 _ssl
_tkinter              _uuid
To find the necessary bits, look in setup.py in detect_modules() for the module's name.


Could not build the ssl module!
Python requires a OpenSSL 1.1.1 or newer
Custom linker flags may require --with-openssl-rpath=auto

Finally, I’ve verified that the version of Python I’m using in the tests above is the same one I built by looking at the paths and file dates, so I know I’m not being led astray by a stale version from a previous build somewhere.


Install with apt

I followed these instructions scrupulously:

https://iohk.zendesk.com/hc/en-us/articles/16724475448473-Install-Python-3-11-on-ubuntu

The odd thing is that there is no actual mention of python here. I’ve tried removing python3.11 with apt then reinstalling, but got to the same place.

$ sudo apt install python3.11
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'postgresql-plpython3-11' for regex 'python3.11'
postgresql-plpython3-11 is already the newest version (11.12-1.pgdg16.04+1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/PostgreSQL.list:1 and /etc/apt/sources.list.d/pgdg.list:1
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/PostgreSQL.list:1 and /etc/apt/sources.list.d/pgdg.list:1
W: Target Translations (main/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list.d/PostgreSQL.list:1 and /etc/apt/sources.list.d/pgdg.list:1
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/PostgreSQL.list:1 and /etc/apt/sources.list.d/pgdg.list:1

My goal is to get a relatively recent version of Python running with ssl support so I can install certbot. I don’t really care if I build it myself or install it some other way.
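
Added example, not part of the original post: the build log says Python needs OpenSSL 1.1.1 or newer, while the post shows libssl-dev 1.0.2g under /usr and an `openssl` binary reporting 3.1.3. This sketch reads the version from the headers under a given prefix, which are what a build pointed at that prefix with `--with-openssl` compiles against. The function names and the sample header trees are constructed for the example.

```shell
# Added example: which OpenSSL do the *headers* under a prefix belong to,
# and do they meet the "1.1.1 or newer" floor from the build log?
MIN_OPENSSL="1.1.1"

# Print the dotted version found in <prefix>/include/openssl/opensslv.h.
openssl_header_version() {
    hdr="$1/include/openssl/opensslv.h"
    [ -r "$hdr" ] || return 2
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_VERSION_TEXT[[:space:]]\{1,\}"OpenSSL \([0-9][0-9.]*\).*/\1/p' "$hdr" | head -n 1
}

# True when dotted version $1 >= $2 (numeric, component by component).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Echo a verdict for one prefix; status 0 = usable, 1 = too old, 2 = no headers.
check_prefix() {
    ver=$(openssl_header_version "$1") && [ -n "$ver" ] || { echo "$1: no readable OpenSSL version header"; return 2; }
    if version_ge "$ver" "$MIN_OPENSSL"; then
        echo "$1: headers are OpenSSL $ver (ok)"
    else
        echo "$1: headers are OpenSSL $ver (too old, need >= $MIN_OPENSSL)"
        return 1
    fi
}

# Constructed sample tree standing in for a real prefix (not from the post).
make_sample() {  # make_sample <dir> <version text>
    mkdir -p "$1/include/openssl"
    printf '# define OPENSSL_VERSION_TEXT "OpenSSL %s"\n' "$2" > "$1/include/openssl/opensslv.h"
}

# With arguments, check those prefixes; with none, run on constructed samples.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do check_prefix "$p" || true; done
else
    tmp=$(mktemp -d)
    make_sample "$tmp/old" "1.0.2g  1 Mar 2016"
    make_sample "$tmp/new" "3.1.3 19 Sep 2023"
    for d in old new; do check_prefix "$tmp/$d" || true; done
    rm -rf "$tmp"
fi
```

Pass the prefixes of interest as arguments, including the one given to `--with-openssl`. Once a build succeeds, `python3 -c 'import ssl; print(ssl.OPENSSL_VERSION)'` shows which library the interpreter was linked against.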