Question 26748 in CentOS Question posted in
The official documentation can be found here.

Installing SSL package with PIP requires SSL package to be already installed – CentOS

  • CentOS 7 (strict requirement)
  • Python 3.11 (strict requirement)

I had to upgrage a software and it requires now Python 3.11.

I followed instructions from Internet (https://linuxstans.com/how-to-install-python-centos/), and now Python 3.11 is installed, but cannot download anything, so all the programs that have something to do with Internet, including PIP, do not work because SSL package is not installed.

The normal way to install a Python-package is to use PIP, which doesn’t work because the SSL package I’m going to install is not installed.

I tried all the advices in internet, but they are all outdated and not working any more, because they are either not for the 3.11 version of Python or not for CentOS 7.

The error I’m getting when running the application software:

ModuleNotFoundError: No module named ‘_ssl’

When I try to install ssl with pip:

# pip install --trusted-host pypi.org ssl
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/ssl/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/ssl/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/ssl/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/ssl/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/ssl/
Could not fetch URL https://pypi.org/simple/ssl/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/ssl/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping
ERROR: Could not find a version that satisfies the requirement ssl (from versions: none)
ERROR: No matching distribution found for ssl
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping

I downloaded GZip files from https://pypi.org/simple/ssl/, unpacked them locally and tried to install them from local source, but PIP insists on HTTPS connection … stupid tool.

What to do?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    How to get PIP and other HTTPS-based Python programs to work after upgrading to Python 3.11:

    First of all: you don't necessarily need any magical tools like pyenv. May be pyenv would do these steps, but I'd like to understand what is happening. (Ok, I admit that make is also a "magic" tool)

    Briefly describing: during compilation of Python from source code there is an option to inject OpenSSL support directly into it.

    In CentOS 7 Python 2.7.5 is installed by default and couldn't be updated to the later ones using built-in package manager. Python 3.6.8 is the latest version available in the CentOS 7 repos. 3.6 also couldn't be updated to the later ones using the package manager.

    So the only possible solution is to compile Python from source code.

    • Update your yum packages, reboot, install all the packages neccesssary to run OpenSSL and Python.
    • Download the latest OpenSSL source code, unpack and compile.
    • Download the latest Python source code, unpack, configure to use the compiled OpenSSL and compile with altinstall parameter. Do not remove previous Python versions! You will have more problems than benefits. I had to revert virtual machine to the latest snapshot several times, because I destroyed something completely.

    Update and install yum packages

    > yum update
> yum install openssl-devel bzip2-devel libffi-devel

    An article suggests also to install some "Development Tools"

    > yum groupinstall "Development Tools"

    but this step failed for me and I was able to finish the installation without it.

    Download the latest OpenSSL source code, unpack and compile

    I've choosen /usr/src directory to do the manipulations with source code.

    Download

    > cd /usr/src
> wget https://ftp.openssl.org/source/openssl-1.1.1q.tar.gz --no-check-certificate

    Unpack

    > tar -xzvf openssl-1.1.1q.tar.gz
> cd openssl-1.1.1q

    Compile

    > ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic
> make

    Run tests for the compiled OpenSSL

    > make test

    Install

    > make install

    Check that OpenSSL is installed

    > openssl version
OpenSSL 1.1.1q  5 Jul 2022
> which openssl
/usr/bin/openssl

    Download and compile Python

    Download

    > cd /usr/src
> wget https://www.python.org/ftp/python/3.11.0/Python-3.11.0a4.tgz

    Unpack

    > tar -xzf Python-3.11.0a4.tgz
> cd Python-3.11.0a4

    Configure

    > ./configure --enable-optimizations --with-openssl=/usr

    It is important that the --with-openssl option has the same value as the --prefix option when you configured OpenSSL above!!!

    Compile and install (It's time for a cup of coffee - it takes time)

    > make altinstall

    Checking that Python 3.11 is installed:

    > python3.11 -V
Python 3.11.0a4

    If you have set symbolic links, then Python 3.11 should be callable by "python3" and/or "python" aliases

    > python3 -V
Python 3.11.0a4
> python -V
Python 3.11.0a4

    Also check that PIP is working and that symlink-aliases for it are there.

    Now it's time to check that your Python-based programs are working. Some of them should be installed again by PIP, because they were installed in subdirectories of previous Python versions.

    After doing these manipulations I also got SSL certificates error:

    <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:998)>

    After running

    > pip3 install certifi

    the problem is gone.


  2. 0

    That helped!
    Lord, thank you, I have been suffering for 3 days.
    I’ll add on my own – if you get an error at the make test stage, then it helped me
    yum install cpan
    then
    "cpan -i Text :: Template" and "cpan -f -i Text :: Template"

    I would put a plus, but I can’t, I registered just to say "Thank you" =)

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search