Through multiple tests, found that while can use certbot in chroot of Gluu 3.1.6 on Ubuntu 16.04, it breaks due to conflicts with the OpenSSL setup (not able to get it to use OpenSSL1.1.1 required) insite the Gluu chroot in Gluu 3.1.6, 3.1.7, and 3.1.8. Due to looming EOL for Ubunutu 16.04, our ISP stopped supporting VM images for Ubuntu 16.04 a few months ago. We have limpted along with duplicate images, but can spin up anything new with 16.04, so we really need to move to 18.04. However we can't move to Gluu 4.x for a few more months. Strangely when posting this ticket I can't select Gluu version 3.1.8 from the versions pull-down list. Totally fresh install of Gluu 3.1.8, (also tried with 3.1.7 and 3.1.6 with same problem). certbot -d <fqdn> installs working cert for chroot'd apache2 Working, valid non-self-signed, public ssl certs. ``` Instead: This all works okay which works in 3.1.6 (inside chroot): apt-get update apt-get install software-properties-common add-apt-repository universe add-apt-repository ppa:certbot/certbot apt-get update apt-get install certbot python-certbot-apache Here is where it breaks (may have caused the breakage in one of the steps above?) (works in 3.1.6, but breaks in 3.1.8): root@tfndevau1:~# certbot -d tfndevau1.thefantasy.network Traceback (most recent call last): File "/usr/bin/certbot", line 11, in <module> load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 480, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2693, in load_entry_point return ep.load() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2324, in load return self.resolve() File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2330, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "/usr/lib/python3/dist-packages/certbot/main.py", line 10, in <module> import josepy as jose File "/usr/lib/python3/dist-packages/josepy/__init__.py", line 44, in <module> from josepy.interfaces import JSONDeSerializable File "/usr/lib/python3/dist-packages/josepy/interfaces.py", line 8, in <module> from josepy import errors, util File "/usr/lib/python3/dist-packages/josepy/util.py", line 4, in <module> import OpenSSL File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 16, in <module> from OpenSSL._util import ( File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module> from cryptography.hazmat.bindings._openssl import ffi, lib ImportError: /usr/local/lib/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by /usr/lib/python3/dist-packages/cryptography/hazmat/bindings/_openssl.abi3.so) ``` Any suggestions how to resolve this? Works fine in regular Ubuntu 18.04 of the same server, just not inside the chroot. Thanks!