Another "AttributeError: 'module' object has no attribute 'TLSSNI01'" help post

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
parcoursetdetours.ca

I ran this command:
certbot renew --dry-run

It produced this output:
An unexpected error occurred:
AttributeError: 'module' object has no attribute 'TLSSNI01'
Please see the logfile '/tmp/tmp13xIsy/log' for more details.

That file has:
2020-12-17 15:59:43,276:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in
load_entry_point('certbot==1.9.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1332, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File "/usr/lib/python2.7/site-packages/certbot/_internal/plugins/disco.py", line 236, in find_all
plugin_ep = cls._load_entry_point(entry_point, plugins, with_prefix=False)
File "/usr/lib/python2.7/site-packages/certbot/_internal/plugins/disco.py", line 251, in _load_entry_point
plugin_ep = PluginEntryPoint(entry_point, with_prefix)
File "/usr/lib/python2.7/site-packages/certbot/_internal/plugins/disco.py", line 56, in init
self.plugin_cls = entry_point.load()
File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
entry = import(self.module_name, globals(),globals(), ['name'])
File "/usr/lib/python2.7/site-packages/certbot_apache/entrypoint.py", line 4, in
from certbot_apache import configurator
File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 32, in
from certbot_apache import http_01
File "/usr/lib/python2.7/site-packages/certbot_apache/http_01.py", line 13, in
class ApacheHttp01(common.TLSSNI01):
File "/usr/lib/python2.7/site-packages/certbot/plugins/common.py", line 443, in getattr
return getattr(self._module, attr)
AttributeError: 'module' object has no attribute 'TLSSNI01'
2020-12-17 15:59:43,276:ERROR:certbot._internal.log:An unexpected error occurred:
2020-12-17 15:59:43,276:ERROR:certbot._internal.log:AttributeError: 'module' object has no attribute 'TLSSNI01'

My web server is (include version):
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built: Apr 21 2020 10:19:09

The operating system my web server runs on is (include version):
Red Hat Enterprise Linux Server release 7.9 (Maipo)

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Not sure. Old admin left, inherited this server.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Produce the same error as above

Did my research, ran
yum update certbot python2-certbot-apache

which told my both are up to date

package certbot-1.9.0-1.el7.noarch is already installed
package python2-certbot-apache-1.9.0-1.el7.noarch is already installed

Certificate has expired since Dec 10th. This server has been working fine for years. Not sure why it's complaining now

This does not match what python2-certbot-apache-1.9.0-1.el7.noarch should be.

Perhaps:

yum reinstall python2-certbot-apache

If that doesn't work, what's the output of:

find /usr/lib/python2.7/site-packages/certbot_apache/ -type d

Thanks for the very quick reply

That fixed it. This server has many vhosts and although it did renew that cert, it also gave me the following error while running certbot -q renew

Attempting to renew cert (coffres.ca) from /etc/letsencrypt/renewal/coffres.ca.conf produced an unexpected error: (104, 'Connection reset by peer'). Skipping.
Attempting to renew cert (dev.clicenligne.ca) from /etc/letsencrypt/renewal/dev.clicenligne.ca.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
Attempting to renew cert (fondationdelacite.ca) from /etc/letsencrypt/renewal/fondationdelacite.ca.conf produced an unexpected error: (104, 'Connection reset by peer'). Skipping.
Attempting to renew cert (lacitedesaffaires.com) from /etc/letsencrypt/renewal/lacitedesaffaires.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
The following certs could not be renewed:
  /etc/letsencrypt/live/coffres.ca/fullchain.pem (failure)
  /etc/letsencrypt/live/dev.clicenligne.ca/fullchain.pem (failure)
  /etc/letsencrypt/live/fondationdelacite.ca/fullchain.pem (failure)
  /etc/letsencrypt/live/lacitedesaffaires.com/fullchain.pem (failure)
4 renew failure(s), 0 parse failure(s)

Some have been expired since last year! Oh well, I guess I have more digging to do...

Welcome to the Let's Encrypt Community, Sylvain

You have certificates configured to use the manual authenticator, which requires either human intervention or "hook" scripts to setup/cleanup the challenges.

As for the "connection reset by peer" errors, they're most likely caused by webserver configuration issues. Maybe proxy related?

You might consider using

certbot certificates

and noting the names of unwanted certificates not in use then using

certbot delete --cert-name name

to get rid of those cruft certificates.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.