When you see the error openssl: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file, it typically means one of three things:
- The library file is missing from your system
- The library exists but isn't in the library search path
- You have version conflicts between installed OpenSSL packages
First, let's verify what versions of OpenSSL are installed:
# Check installed OpenSSL version
rpm -qa | grep openssl
# Locate existing libcrypto files
find /usr/lib* /lib* -name "libcrypto.so*" -exec ls -la {} \;
# Check library paths
echo $LD_LIBRARY_PATH
ldconfig -v | grep libcrypto
For CentOS 6.8, the stable version is 1.0.1e. Let's reinstall it:
# Remove problematic installations
yum remove openssl -y
# Clean yum cache
yum clean all
# Install proper version
yum install openssl-1.0.1e -y
# Verify installation
openssl version
If you specifically need 1.1 version (not recommended for CentOS 6):
# Find where libcrypto.so.1.1 should be
whereis libcrypto
# Create symbolic link (example path)
ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
# Update library cache
ldconfig
# Verify
ldd $(which openssl)
For advanced users who need specific features:
# Download source
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
tar -xzf openssl-1.1.1.tar.gz
cd openssl-1.1.1
# Configure and install
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
make
make test
make install
# Update environment variables
echo 'export PATH=/usr/local/openssl/bin:$PATH' >> /etc/profile
echo '/usr/local/openssl/lib' >> /etc/ld.so.conf.d/openssl.conf
ldconfig -v
To avoid similar problems:
- Always backup configuration files before updates
- Use
yum historyto track changes - Consider using containers for testing major version upgrades
- Maintain proper documentation of all manual installations
Remember that CentOS 6 uses OpenSSL 1.0.1 by default, and upgrading to 1.1.x series requires careful consideration of all dependent applications.
This error typically occurs when there's a version mismatch between the OpenSSL binary and the required shared libraries. From your yum output, I see you're running OpenSSL 1.0.1e while the system is looking for version 1.1.x libraries.
First, let's verify the exact version and paths:
# Check OpenSSL version
openssl version -a
# Find where OpenSSL is looking for libraries
ldd $(which openssl)
# Check existing libcrypto locations
find / -name libcrypto.so* -type f 2>/dev/nullFor CentOS 6.x, the most reliable solution is to create proper symlinks:
# First find where your libcrypto is installed
sudo find / -name libcrypto.so* 2>/dev/null
# Typical locations (adjust paths as needed):
sudo ln -s /usr/lib64/libcrypto.so.1.0.1e /usr/lib64/libcrypto.so.1.1
sudo ln -s /usr/lib64/libssl.so.1.0.1e /usr/lib64/libssl.so.1.1
# Update linker cache
sudo ldconfigIf you specifically need OpenSSL 1.1.x on CentOS 6:
# Install required dependencies
sudo yum install -y gcc make perl zlib-devel
# Download and compile OpenSSL 1.1.x
wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
tar -xzf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
make
sudo make install
# Update system paths
echo '/usr/local/openssl/lib' | sudo tee /etc/ld.so.conf.d/openssl-1.1.1.conf
sudo ldconfigAfter applying either solution:
# Verify library linking
ldd $(which openssl)
# Check version
openssl versionIf you're using nginx, you'll need to recompile it against the new OpenSSL version:
# Find current configure arguments
nginx -V 2>&1 | grep configure
# Recompile with new OpenSSL path
./configure [your existing arguments] --with-openssl=/usr/local/openssl
make
sudo make installIf things go wrong, you can revert:
# For yum-based installations
sudo yum downgrade openssl
# For compiled installations
sudo rm -rf /usr/local/openssl
sudo rm /etc/ld.so.conf.d/openssl-1.1.1.conf
sudo ldconfig