Can't set attribute error when trying to get cert

Help
1

My domain is: http://lfsc.shop/

I ran this command: sudo certbot --nginx -d lfsc.shop

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for lfsc.shop
An unexpected error occurred:
AttributeError: can't set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
DigitalOcean (Droplet)

The operating system my web server runs on is (include version):
Distributor ID: Ubuntu
Description: Ubuntu 23.10
Release: 23.10
Codename: mantic

My hosting provider, if applicable, is:
DigitalOcean (Droplet), Domain name from GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know):

I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

DigitalOcean Droplet Web Console

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 2.1.0

2

Please update Certbot to version 2.3.0 or newer. There was a bug in Certbot 2.1.0 which results in this issue, hiding the real issue.

2 Likes
3

It keeps telling me that certbot 2.1.0 is the latest version
trying to force it to update to 2.3.0 just gives me

error: externally-managed-environment

Ă— This environment is externally managed
╰─> To install Python packages system-wide, try apt install
python3-xyz, where xyz is the package you are trying to
install.

If you wish to install a non-Debian-packaged Python package,
create a virtual environment using python3 -m venv path/to/venv.
Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
sure you have python3-full installed.

If you wish to install a non-Debian packaged Python application,
it may be easiest to use pipx install xyz, which will manage a
virtual environment for you. Make sure you have pipx installed.

See /usr/share/doc/python3.11/README.venv for more information.
4

Certbot recommends using snap to install Certbot. See Certbot Instructions | Certbot for more information. (All Ubuntu's have the same instructions, so you can use e.g. Ubuntu 20 for your Ubuntu 23.)

Alternatively you could use the pip instructions, but that's not really recommended.

2 Likes
5

no matter what I did, there was no way for me to update my Certbot version above 2.10.0 or remove certbot

I tried the commands below:

sudo apt-get install --reinstall certbot
sudo apt-get clean
sudo apt-get autoclean
sudo apt-get update
sudo apt-get upgrade certbot
certbot --version

6

That's all using apt. Did you try snap?

7

My bad,
So I uninstalled certbot from both /usr/sbin/ and /usr/bin/
then reinstalled with the following commands

sudo snap install --classic certbot
sudo mv /snap/bin/certbot /usr/sbin/

and with the commands certbot --version

I now get the output

root@ubuntu-s-2vcpu-2gb-90gb-intel-sgp1-01:~# certbot --version
snap 2.61.3+23.10
snapd 2.61.3+23.10
series 16
ubuntu 23.10
kernel 6.5.0-27-generic

YAY!

HOWEVER

root@ubuntu-s-2vcpu-2gb-90gb-intel-sgp1-01:~# sudo certbot --nginx -d lfsc.shop
error: unknown flag `nginx'

now "sudo certbot --nginx -d lfsc.shop" doesnt work... xd

8

disregard my last post

root@ubuntu-s-2vcpu-2gb-90gb-intel-sgp1-01:~# snap list
Name Version Rev Tracking Publisher Notes
certbot 2.10.0 3700 latest/stable certbot-effâś“ classic
core 16-2.61.2 16928 latest/stable canonicalâś“ core
core20 20240227 2264 latest/stable canonicalâś“ base
core22 20240111 1122 latest/stable canonicalâś“ base
lxd 5.19-8635f82 26200 latest/stable/… canonical✓ -
snapd 2.61.2 21184 latest/stable canonicalâś“ snapd

my certbot is still 2.10.0

9

2.10.0 != 2.1.0.

2 Likes
10

Even with 2.10.0 im still failing the tests
I get errors with the following hint:

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

This happens even when I use "sudo certbot certonly --nginx"

Im now trying to edit the /etc/nginx/sites-available/default file to see if the issues comes from there. 80/tcp and 443/tcp is already allowed. My own firewall is also not blocking anything

11

That error looks like it would come from sudo certbot --standalone rather than sudo certbot --nginx; do you get a different error from the latter?

1 Like
12

By upgrading you've fixed the "AttributeError: can't set attribute" error (which was the goal of upgrading, as you didn't get the actual error due to the attribute problem) and now you're faced with the actual error preventing your certificate issuance.

Please post the entire error message, as the error is different now. Although the hint hints to a "time out, probablu firewall issue" error message from the ACME server.

By the way: the hostname lfsc.shop has 3 IP addresses configured. Those are probably 3 different hosts? At least one of them isn't working: 188.166.217.71 is giving a connection refused error. The other 2 a HTTP 405 not allowed result.

2 Likes
13

The following is my config for my "/etc/nginx/sites-available/default"

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect HTTP traffic to HTTPS
return 301 https://$host$request_uri;

}

server {

root /var/www/html;
index index.php index.html index.htm;

server_name lfsc.shop;

location / {
    try_files $uri $uri/ =404;
}

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}

}

Im currently not able to test with " sudo certbot --nginx" since I have hit the validation limit

14

Please use the staging environment for testing.

Also see my previous post about the multiple IP addresses.

2 Likes