Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Python: Can't connect to HTTPS URL because the SSL module is not available

I'm trying to connect to Stripe to setup payments. I have it working on my dev machine, but when I push to prod, I get the following SSL error:

Can't connect to HTTPS URL because the SSL module is not available.

Here are the details of my setup:

  • Ubuntu 16.04
  • Apache 2
  • mod_wsgi
  • Python 3.6
  • Django 1.11
  • Python/django processes are all installed and running in an anaconda (miniconda) virtual environment called "protectyourreviews"

I've read multiple other SO answers that suggest reinstalling python, but to be sure to install dependencies first. That shouldn't be an issue when installing inside and anaconda environment should it? Shouldn't anaconda take care of all of the dependencies for me?

I have HTTPS enabled and working for the entire domain (all requests are routed to https). When I check my install, I do have openssl, and when I open a shell in my django environment, I can import and use the module without issue... so I'm not sure how to continue troubleshooting the issue.

Any help is much appreciated!


Also, heres a stack trace:

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/urllib3/connectionpool.py" in urlopen
  589.             conn = self._get_conn(timeout=pool_timeout)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/urllib3/connectionpool.py" in _get_conn
  251.         return conn or self._new_conn()

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/urllib3/connectionpool.py" in _new_conn
  827.             raise SSLError("Can't connect to HTTPS URL because the SSL "

During handling of the above exception (Can't connect to HTTPS URL because the SSL module is not available.), another exception occurred:

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/requests/adapters.py" in send
  440.                     timeout=timeout

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/urllib3/connectionpool.py" in urlopen
  639.                                         _stacktrace=sys.exc_info()[2])

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/urllib3/util/retry.py" in increment
  388.             raise MaxRetryError(_pool, url, error or ResponseError(cause))

During handling of the above exception (HTTPSConnectionPool(host='api.stripe.com', port=443): Max retries exceeded with url: /v1/customers (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.",))), another exception occurred:

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/stripe/http_client.py" in request
  121.                                                **kwargs)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/requests/sessions.py" in request
  508.         resp = self.send(prep, **send_kwargs)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/requests/sessions.py" in send
  618.         r = adapter.send(request, **kwargs)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/requests/adapters.py" in send
  506.                 raise SSLError(e, request=request)

During handling of the above exception (HTTPSConnectionPool(host='api.stripe.com', port=443): Max retries exceeded with url: /v1/customers (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.",))), another exception occurred:

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/django/core/handlers/exception.py" in inner
  41.             response = get_response(request)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/django/views/decorators/csrf.py" in wrapped_view
  58.         return view_func(*args, **kwargs)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
  23.                 return view_func(request, *args, **kwargs)

File "/home/user/protectyourreviews/protectyourreviews/../payments/views.py" in stripe_test
  35.                 source=token

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/stripe/resource.py" in create
  467.         response, api_key = requestor.request('post', url, params, headers)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/stripe/api_requestor.py" in request
  150.             method.lower(), url, params, headers)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/stripe/api_requestor.py" in request_raw
  335.             method, abs_url, headers, post_data)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/stripe/http_client.py" in request
  139.             self._handle_request_error(e)

File "/home/user/miniconda3/envs/protectyourreviews/lib/python3.6/site-packages/stripe/http_client.py" in _handle_request_error
  159.         raise error.APIConnectionError(msg)

Exception Type: APIConnectionError at /payments/test/stripe/
Exception Value: Unexpected error communicating with Stripe.  If this problem persists,
let us know at [email protected].

(Network error: SSLError: HTTPSConnectionPool(host='api.stripe.com', port=443): Max retries exceeded with url: /v1/customers (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.",)))

Edit


After re-instaling mod_wsgi in a fresh python virtualenv, it's still trying to open the old anaconda path. I've changed the python-home and python-path directives in WSGIDaemonProcess, but no matter what I try, it's still trying to open python from the miniconda3 directory (which I've deleted).

Here's a trace from Apache error logs:

Current thread 0x00007f99f6769780 (most recent call first):
[Mon Aug 28 20:13:15.264466 2017] [core:notice] [pid 26528] AH00051: child pid 26775 exit signal Aborted (6), possible coredump in /etc/apache2
[Mon Aug 28 20:13:15.264608 2017] [core:notice] [pid 26528] AH00051: child pid 26776 exit signal Aborted (6), possible coredump in /etc/apache2
[Mon Aug 28 20:13:16.340556 2017] [wsgi:info] [pid 26789] mod_wsgi (pid=26789): Python home /home/user/miniconda3/envs/protectyourreviews.
[Mon Aug 28 20:13:16.341203 2017] [wsgi:warn] [pid 26789] (2)No such file or directory: mod_wsgi (pid=26789): Unable to stat Python home /home/user/miniconda3/envs/protectyourreviews. Python interpreter may not be a$
[Mon Aug 28 20:13:16.341357 2017] [wsgi:info] [pid 26789] mod_wsgi (pid=26789): Initializing Python.
Fatal Python error: Py_Initialize: Unable to get the locale encoding
ImportError: No module named 'encodings'

Edit 2


Yes, I did start from a clean source directory. I copied the mod_wsgi tar file to the new directory and ran configure/make/make install in the new directory. I believe I also deleted the apache module files before the new install just in case.

I've tried multiple iterations of the below directives (both / only python-home / only python-path) but no matter what I try, I can't figure out why mod_wsgi keeps looking in the deleted miniconda3 folder. Is there some other config file that I'm forgetting about?

Here's my wsgi.load:

LoadModule wsgi_module /usr/lib/apache2/modules/mod_wsgi.so

Here are my Apache2 directives (where pyr_env is my new Python virtualenv folder):

WSGIDaemonProcess protectyourreviews python-home=/home/user/pyr_env/ python-path=/home/user/protectyourreviews
WSGIProcessGroup protectyourreviews

WSGIScriptAlias / /home/user/protectyourreviews/zz_test/test.wsgi
<Directory /home/user/protectyourreviews/zz_test>
        <Files test.wsgi>
                Require all granted
        </Files>
</Directory>

Edit 3


I followed the instructions you suggested in the docs, and the output follows.

Here's the output of ldd:

$ ldd /usr/lib/apache2/modules/mod_wsgi.so
        linux-vdso.so.1 =>  (0x00007fffad973000)
        libpython3.5m.so.1.0 => /usr/lib/x86_64-linux-gnu/libpython3.5m.so.1.0 (0x00007f05b8c02000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f05b89e5000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f05b861a000)
        libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1 (0x00007f05b83f1000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f05b81d7000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f05b7fd2000)
        libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x00007f05b7dcf000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f05b7ac6000)
        /lib64/ld-linux-x86-64.so.2 (0x0000558bed982000)

And here's the output after unsetting LD_LIBRARY_PATH:

$ unset LD_LIBRARY_PATH
$ ldd /usr/lib/apache2/modules/mod_wsgi.so
        linux-vdso.so.1 =>  (0x00007ffd91bd2000)
        libpython3.5m.so.1.0 => /usr/lib/x86_64-linux-gnu/libpython3.5m.so.1.0 (0x00007f8bec8a6000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f8bec689000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f8bec2be000)
        libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1 (0x00007f8bec095000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f8bebe7b000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f8bebc76000)
        libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x00007f8beba73000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f8beb76a000)
        /lib64/ld-linux-x86-64.so.2 (0x000055e8861a5000)

Edit 4

I made sure permissions are set correctly on the virtual environment folder, and also recompiled again to be absolutely sure I have the correct version. Here's all input and output from the process:

#----CHANGE PERMISSIONS OF VIRTUAL ENVIRONMENT
$ sudo chgrp -R www-data /home/user/pyr_env/
$ sudo chmod -R g+rwx /home/user/pyr_env/

#----DELETE OLD FOLDER
$ rm -r mod_wsgi-4.5.17/

#----START FRESH WITH CONFIG/MAKE/INSTALL
$ tar xvfz 4.5.17.tar.gz
$ cd mod_wsgi-4.5.17/
$ ./configure --with-python=/usr/bin/python3
$ make
$ sudo make install
    /usr/bin/apxs2 -i -S LIBEXECDIR=/usr/lib/apache2/modules -n 'mod_wsgi' src/server/mod_wsgi.la
    /usr/share/apache2/build/instdso.sh SH_LIBTOOL='/usr/share/apr-1.0/build/libtool' src/server/mod_wsgi.la /usr/lib/apache2/modules
    /usr/share/apr-1.0/build/libtool --mode=install install src/server/mod_wsgi.la /usr/lib/apache2/modules/
    libtool: install: install src/server/.libs/mod_wsgi.so /usr/lib/apache2/modules/mod_wsgi.so
    libtool: install: install src/server/.libs/mod_wsgi.lai /usr/lib/apache2/modules/mod_wsgi.la
    libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/sbin" ldconfig -n /usr/lib/apache2/modules
    ----------------------------------------------------------------------
    Libraries have been installed in:
       /usr/lib/apache2/modules

    If you ever happen to want to link against installed libraries
    in a given directory, LIBDIR, you must either use libtool, and
    specify the full pathname of the library, or use the `-LLIBDIR'
    flag during linking and do at least one of the following:
       - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
         during execution
       - add LIBDIR to the `LD_RUN_PATH' environment variable
         during linking
       - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
       - have your system administrator add LIBDIR to `/etc/ld.so.conf'

    See any operating system documentation about shared libraries for
    more information, such as the ld(1) and ld.so(8) manual pages.
    ----------------------------------------------------------------------
    chmod 644 /usr/lib/apache2/modules/mod_wsgi.so

#----OUTPUT OF LDD
$ ldd /usr/lib/apache2/modules/mod_wsgi.so
        linux-vdso.so.1 =>  (0x00007ffcfb9a9000)
        libpython3.5m.so.1.0 => /usr/lib/x86_64-linux-gnu/libpython3.5m.so.1.0 (0x00007f19ae26f000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f19ae052000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f19adc87000)
        libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1 (0x00007f19ada5e000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f19ad844000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f19ad63f000)
        libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x00007f19ad43c000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f19ad133000)
        /lib64/ld-linux-x86-64.so.2 (0x000055aa1cb7a000)

#----RESTART APACHE
$ sudo apache2ctl restart

Unfortunately I'm seeing the exact same errors in Apache. Here's apache2/error.log:

Current thread 0x00007fb350fee780 (most recent call first):
[Wed Aug 30 14:13:08.130076 2017] [core:notice] [pid 9754] AH00051: child pid 28636 exit signal Aborted (6), possible coredump in /etc/apache2
[Wed Aug 30 14:13:08.130179 2017] [core:error] [pid 9754] AH00546: no record of generation 0 of exiting child 28636
[Wed Aug 30 14:13:08.130833 2017] [wsgi:info] [pid 28639] mod_wsgi (pid=28639): Python home /home/user/miniconda3/envs/protectyourreviews.
[Wed Aug 30 14:13:08.130907 2017] [wsgi:warn] [pid 28639] (2)No such file or directory: mod_wsgi (pid=28639): Unable to stat Python home /home/user/minico$
[Wed Aug 30 14:13:08.130992 2017] [wsgi:info] [pid 28639] mod_wsgi (pid=28639): Initializing Python.
[Wed Aug 30 14:13:08.131665 2017] [wsgi:info] [pid 28638] mod_wsgi (pid=28638): Python home /home/user/miniconda3/envs/protectyourreviews.
[Wed Aug 30 14:13:08.131716 2017] [wsgi:warn] [pid 28638] (2)No such file or directory: mod_wsgi (pid=28638): Unable to stat Python home /home/user/minico$
[Wed Aug 30 14:13:08.131782 2017] [wsgi:info] [pid 28638] mod_wsgi (pid=28638): Initializing Python.
Fatal Python error: Py_Initialize: Unable to get the locale encoding
ImportError: No module named 'encodings'

It's still trying to open the miniconda folder that was deleted...

like image 800
Richard Avatar asked Aug 27 '17 20:08

Richard


People also ask

Why can't I connect to https url with Python?

Can't connect to HTTPS URL because the SSL module is not available. I've read multiple other SO answers that suggest reinstalling python, but to be sure to install dependencies first. That shouldn't be an issue when installing inside and anaconda environment should it? Shouldn't anaconda take care of all of the dependencies for me?

Why can't I install SSL on my Python Server?

The error states that the SSL python module is not available; meaning you either don't have an appropriate ssl lib installed (probably not since you state the system python can pip install fine), or the python you built from source or otherwise installed doesn't include the ssl module.

Is there a TLS/SSL module available in Python?

pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

Why is SSL not working in Anaconda Python?

When the Python ssl module is imported by your application, it inherits the already loaded system SSL libraries, which are different to what the ssl module was compiled for and expects, thus it fails. So the issue is caused by Anaconda Python ignoring the system SSL libraries and using its own.


1 Answers

The problem is that Anaconda Python ships with its own SSL libraries and does not use the system SSL libraries when compiling the Python ssl module. The mod_ssl module in Apache is using the system libraries.

So if you enable mod_ssl in Apache, it pulls in the system SSL libraries. When the Python ssl module is imported by your application, it inherits the already loaded system SSL libraries, which are different to what the ssl module was compiled for and expects, thus it fails.

So the issue is caused by Anaconda Python ignoring the system SSL libraries and using its own.

The only solution is to use the system Python version and not Anaconda Python, or run your WSGI application using mod_wsgi-express behind your main Apache installation which would only act as termination point for SSL and then proxy to the mod_wsgi-express instance.

Unless you have a specific requirement, is better to use the system Python version and not Anaconda Python.

like image 104
Graham Dumpleton Avatar answered Oct 24 '22 16:10

Graham Dumpleton