Building certbot from sources - 32bit possible?

Since my Ubuntu server 18.04 LTS is 32bits, I cannot apt-update to newer versions of certbot and thus I am still running certbot 0.31.0. Also migrating my system to 64bits is not in near reach.

Would it be possible to build a recent certbot from sources ? I git cloned the certbot repo to my machine. But I'm lost when looking into the root of the distribution directory. So many different certbots. No Makefile, not the typical README with install instructions. It's a closed book to me.

You better use alternative ACME client, for example

The problem is not certbot itself (certbot is only a bunch of python scripts which does not need to be compiled), but supported python version. Latest version certbot requires python 3.6+.

(correction: requires python 3.7+)

1 Like

I have:

# python3 --version
Python 3.6.9

Where do I find ?

use venv if needed Certbot Instructions | Certbot


If you followed the pip instructions linked above, you could install Certbot v1.23.0. Not amazingly new, but waaaay newer than 0.31.0. Support for Python 3.6 was removed in the following release.

More pertinently, Ubuntu 18.04 is EOL and no longer receiving any updates, so you should move off it as soon as you can anyway.

If you are stuck with 32-bit for some reason, you could replace Ubuntu 18.04 with Debian 12, which still produces installation media for 32-bit hardware and packages the relatively recent Certbot v2.1.0.


But were there breaking changes introduced in subsequent versions?

1 Like

The website is just


There are breaking changes in certbot itself between 1.x and 2.x.

Not really, you can still subscribe to (pay for) ESM support.


use venv if needed Certbot Instructions | Certbot

It began so promising, but now:

  running build_ext
  running build_rust
      =============================DEBUG ASSISTANCE=============================
      If you are seeing a compilation error please try the following steps to
      successfully install cryptography:
      1) Upgrade to the latest pip and try again. This will fix errors for most
         users. See:
      2) Read for specific
         instructions for your platform.
      3) Check our frequently asked questions for more information:
      4) Ensure you have a recent Rust toolchain installed:
      Python: 3.6.9
      platform: Linux-3.13.0-160-generic-i686-with-Ubuntu-18.04-bionic
      pip: n/a
      setuptools: 59.6.0
      setuptools_rust: 1.1.2
      rustc: n/a
      =============================DEBUG ASSISTANCE=============================
  error: can't find Rust compiler
  If you are using an outdated pip version, it is possible a prebuilt wheel is available for this package but pip is not able to install from it. Installing from the wheel would avoid the need for a Rust compiler.
  To update pip, run:
      pip install --upgrade pip
  and then retry package installation.
  If you did intend to build this package from source, try installing a Rust compiler from your system package manager and ensure it is on the PATH during installation. Alternatively, rustup (available at is the recommended way to download and update the Rust compiler toolchain.
  This package requires Rust >=1.48.0.
  ERROR: Failed building wheel for cryptography
Failed to build cryptography
ERROR: Could not build wheels for cryptography, which is required to install pyproject.toml-based projects

After installing

apt install rustc
apt install cargo

I ended up in more errors saying python 3.6 not supported and

warning: /tmp/pip-install-8ypoloxf/cryptography_446acb05a5704ef9a09bf09ba0f4c252/src/rust/target/release/build/cryptography-rust-e9ae9ad16ce6710b/out/_openssl.c:57:10: fatal error: Python.h: No such file or directory
  warning:  #include <Python.h>
  warning:           ^~~~~~~~~~
  warning: compilation terminated.

Will give it another try with Python 3.7 if that is possible at all.

1 Like

I abandoned this attempt and reinstalled the 0.31.0 package again.
With having certbot removed and reinstalled again, are my related scripts or whatever takes care for the cert renewal every 90 days, gone now?

You can check your certs and their profiles with this:

sudo certbot certificates

You can check your renew command with

sudo certbot renew --dry-run

Omit sudo in above commands if not needed

And, you can check whether a renew is scheduled using the instructions here:


Thanks. It turned out that the certificates were still there.

# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Could not choose appropriate plugin: The requested apache plugin does not appear to be installed
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: The requested apache plugin does not appear to be installed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/ (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/ (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

1 Like

It looks like you might also need to install the certbot-apache plugin, then.

But I'll second the notion above that with older systems, you might want a different client that can be easily installed with minimal other dependencies, like maybe something from the Bash or Go sections of the client list.

And of course be aware that even with a certificate, if you're not up-to-date on security patches, then you can't guarantee that connections to your server are "secured" in any sense.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.