Cerbot and Ubuntu 22.04.3 Problems with Python

My domain is: sanderling.zapto.org

I ran this command:sudo certbot renew --standalone

It produced this output:

The operating system my web server runs on is (include version):Ubuntu 22.04.03 LTS

I can login to a root shell on my machine (yes or no, or I don't know):yes

Received notification for Letsencrypt renew email, normally sudo certbot renew --standalone spins up a temp webserver, gets a cert and exits fine.
Now I get
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 5, in
from certbot.main import main
File "/usr/lib/python3/dist-packages/certbot/main.py", line 2, in
from certbot._internal import main as internal_main
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 17, in
import josepy as jose
File "/usr/lib/python3/dist-packages/josepy/init.py", line 43, in
from josepy.json_util import (
File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 14, in
from OpenSSL import crypto
File "/usr/lib/python3/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3279, in
_lib.OpenSSL_add_all_algorithms()
AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'

I removed the apt package installed the snap, however python3.8 is not available, only python3.10 and the snap is read-only.
I'm assuming I've done something wrong, any advice gratefully accepted

Hi @leemeluk, and welcome to the LE community forum :slight_smile:

Did you follow the installation instructions?
See: Certbot (eff.org)

2 Likes

Yes, uninstalled the apt package, installed snapd, installed the certbot snap, symbolic link from certbot bin to /usr/bin/
The snap itself refers to python3.8 that is linked to the local installed python, however Ubuntu 22.04 when fully updated installs python3.10
Letsencrypt help only has instructions up to Ubuntu 20.04

certbot installed via snap should bring all the requirements with it [including python].
Perhaps try uninstalling the apt version of python [if not needed] OR use a virtual environment for it.

There is no difference between ubuntu 20 and ubuntu 22 [as it relates to snap and certbot].

2 Likes

That shouldn't be the case. The snap version of Certbot has Python embedded in the snap, It should not require anything outside of it.

Can you show more detailed error logs from the snap version of Certbot? Because the log you've posted in your first post is not Certbot from the snap image.

2 Likes

Multiple versions of certbot installed ? ! ? ! ? !

Show:
which certbot
apt list | grep installed | grep certbot

I would be surprised if that is somehow not the case.

2 Likes

This is the contents of my snap
ls -al /snap/certbot/3024/bin/
total 20
drwxr-xr-x 2 root root 229 May 9 20:51 .
drwxr-xr-x 11 root root 190 May 9 20:51 ..
-rw-r--r-- 1 root root 2244 May 9 20:50 activate
-rw-r--r-- 1 root root 1296 May 9 20:50 activate.csh
-rw-r--r-- 1 root root 2448 May 9 20:50 activate.fish
-rw-r--r-- 1 root root 8834 May 9 20:50 Activate.ps1
-rwxr-xr-x 1 root root 215 May 9 20:51 certbot
-rwxr-xr-x 1 root root 216 May 9 20:51 distro
-rwxr-xr-x 1 root root 215 May 9 20:51 jws
-rwxr-xr-x 1 root root 248 May 9 20:51 normalizer
-rwxr-xr-x 1 root root 225 May 9 20:51 pip
-rwxr-xr-x 1 root root 225 May 9 20:51 pip3
-rwxr-xr-x 1 root root 225 May 9 20:51 pip3.8
lrwxrwxrwx 1 root root 7 May 9 20:50 python -> python3
lrwxrwxrwx 1 root root 20 May 9 20:51 python3 -> ../usr/bin/python3.8

Apologies, I misread the python3 link, but I'm still getting this
certbot --verify
cannot snap-exec: cannot exec "/snap/certbot/3024/bin/python3": no such file or directory

ls -al certbot
lrwxrwxrwx 1 root root 30 Sep 30 07:01 certbot -> /snap/certbot/3024/bin/certbot
I've tried linking to the /snap/bin/certbot as detailed in the EFF instructions but
ls -al /snap/bin
total 8
drwxr-xr-x 2 root root 4096 Sep 30 06:57 .
drwxr-xr-x 22 root root 4096 Sep 29 13:27 ..
lrwxrwxrwx 1 root root 13 Sep 28 09:49 canonical-livepatch -> /usr/bin/snap
lrwxrwxrwx 1 root root 19 Sep 23 12:32 geckodriver -> firefox.geckodriver
lrwxrwxrwx 1 root root 13 Aug 26 2022 gimp -> /usr/bin/snap
lrwxrwxrwx 1 root root 13 Apr 15 11:47 grafana.grafana-cli -> /usr/bin/snap
lrwxrwxrwx 1 root root 13 Oct 28 2022 vlc -> /usr/bin/snap
lrwxrwxrwx 1 root root 13 May 17 14:29 winamp -> /usr/bin/snap
lrwxrwxrwx 1 root root 13 May 17 14:29 winamp.wine -> /usr/bin/snap
lrwxrwxrwx 1 root root 13 May 17 14:29 winamp.winetricks -> /usr/bin/snap

What shows?:
ls -l /snap/certbot/3024/usr/bin/

Also, I'm not sure what you are trying to do with:

1 Like

ls -al /snap/certbot/3024/usr/bin/
total 5574
drwxr-xr-x 2 root root 248 May 9 20:51 .
drwxr-xr-x 6 root root 101 May 9 20:51 ..
-rwxr-xr-x 1 root root 29960 May 9 20:51 gencat
-rwxr-xr-x 1 root root 6497 May 9 20:51 mtrace
-rwxr-xr-x 1 root root 369 May 9 20:51 pip
-rwxr-xr-x 1 root root 371 May 9 20:51 pip3
-rwxr-xr-x 1 root root 7816 May 9 20:51 py3clean
-rwxr-xr-x 1 root root 12123 May 9 20:51 py3compile
lrwxrwxrwx 1 root root 31 Mar 13 2020 py3versions -> ../share/python3/py3versions.py
lrwxrwxrwx 1 root root 9 Mar 13 2020 python3 -> python3.8
-rwxr-xr-x 1 root root 5498648 May 9 20:51 python3.8
lrwxrwxrwx 1 root root 10 Mar 13 2020 pyvenv -> pyvenv-3.8
-rwxr-xr-x 1 root root 103592 May 9 20:51 rpcgen
-rwxr-xr-x 1 root root 4309 May 9 20:51 sotruss
-rwxr-xr-x 1 root root 38224 May 9 20:51 sprof
-rwxr-xr-x 1 root root 3241 May 9 20:51 x86_64-linux-gnu-python3.8-config
But the pyvenv is a dead link
The verify statement was incorrect.
As a test, I used
certbot renew --standalone and got
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 5, in
from certbot.main import main
File "/usr/lib/python3/dist-packages/certbot/main.py", line 2, in
from certbot._internal import main as internal_main
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 17, in
import josepy as jose
File "/usr/lib/python3/dist-packages/josepy/init.py", line 43, in
from josepy.json_util import (
File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 14, in
from OpenSSL import crypto
File "/usr/lib/python3/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3279, in
_lib.OpenSSL_add_all_algorithms()
AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'
So, to ensure there were no invalid versions of certbot I removed
sudo apt remove --purge certbot
sudo snap remove certbot
find / -iname 'certbot'
which certbot
which returned nothing.
I left the directory /etc/letsencrypt intact
I'm going to leave this now but thank you so much for taking the time to help me, I'm sorry I took your time up.

This is NOT the snap Certbot. If you still can call /usr/local/bin/certbot then you still have another Certbot present on your system. Either installed using apt or perhaps even using pip globally.

Please remove ANY Certbot from your system other than snap.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.