I ran this command:sudo certbot renew --standalone
It produced this output:
The operating system my web server runs on is (include version):Ubuntu 22.04.03 LTS
I can login to a root shell on my machine (yes or no, or I don't know):yes
Received notification for Letsencrypt renew email, normally sudo certbot renew --standalone spins up a temp webserver, gets a cert and exits fine.
Now I get
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 5, in
from certbot.main import main
File "/usr/lib/python3/dist-packages/certbot/main.py", line 2, in
from certbot._internal import main as internal_main
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 17, in
import josepy as jose
File "/usr/lib/python3/dist-packages/josepy/init.py", line 43, in
from josepy.json_util import (
File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 14, in
from OpenSSL import crypto
File "/usr/lib/python3/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3279, in
_lib.OpenSSL_add_all_algorithms()
AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'
I removed the apt package installed the snap, however python3.8 is not available, only python3.10 and the snap is read-only.
I'm assuming I've done something wrong, any advice gratefully accepted
Yes, uninstalled the apt package, installed snapd, installed the certbot snap, symbolic link from certbot bin to /usr/bin/
The snap itself refers to python3.8 that is linked to the local installed python, however Ubuntu 22.04 when fully updated installs python3.10
Letsencrypt help only has instructions up to Ubuntu 20.04
certbot installed via snap should bring all the requirements with it [including python].
Perhaps try uninstalling the apt version of python [if not needed] OR use a virtual environment for it.
There is no difference between ubuntu 20 and ubuntu 22 [as it relates to snap and certbot].
That shouldn't be the case. The snap version of Certbot has Python embedded in the snap, It should not require anything outside of it.
Can you show more detailed error logs from the snap version of Certbot? Because the log you've posted in your first post is not Certbot from the snap image.
This is the contents of my snap
ls -al /snap/certbot/3024/bin/
total 20
drwxr-xr-x 2 root root 229 May 9 20:51 .
drwxr-xr-x 11 root root 190 May 9 20:51 ..
-rw-r--r-- 1 root root 2244 May 9 20:50 activate
-rw-r--r-- 1 root root 1296 May 9 20:50 activate.csh
-rw-r--r-- 1 root root 2448 May 9 20:50 activate.fish
-rw-r--r-- 1 root root 8834 May 9 20:50 Activate.ps1
-rwxr-xr-x 1 root root 215 May 9 20:51 certbot
-rwxr-xr-x 1 root root 216 May 9 20:51 distro
-rwxr-xr-x 1 root root 215 May 9 20:51 jws
-rwxr-xr-x 1 root root 248 May 9 20:51 normalizer
-rwxr-xr-x 1 root root 225 May 9 20:51 pip
-rwxr-xr-x 1 root root 225 May 9 20:51 pip3
-rwxr-xr-x 1 root root 225 May 9 20:51 pip3.8
lrwxrwxrwx 1 root root 7 May 9 20:50 python -> python3
lrwxrwxrwx 1 root root 20 May 9 20:51 python3 -> ../usr/bin/python3.8
Apologies, I misread the python3 link, but I'm still getting this
certbot --verify
cannot snap-exec: cannot exec "/snap/certbot/3024/bin/python3": no such file or directory
ls -al /snap/certbot/3024/usr/bin/
total 5574
drwxr-xr-x 2 root root 248 May 9 20:51 .
drwxr-xr-x 6 root root 101 May 9 20:51 ..
-rwxr-xr-x 1 root root 29960 May 9 20:51 gencat
-rwxr-xr-x 1 root root 6497 May 9 20:51 mtrace
-rwxr-xr-x 1 root root 369 May 9 20:51 pip
-rwxr-xr-x 1 root root 371 May 9 20:51 pip3
-rwxr-xr-x 1 root root 7816 May 9 20:51 py3clean
-rwxr-xr-x 1 root root 12123 May 9 20:51 py3compile
lrwxrwxrwx 1 root root 31 Mar 13 2020 py3versions -> ../share/python3/py3versions.py
lrwxrwxrwx 1 root root 9 Mar 13 2020 python3 -> python3.8
-rwxr-xr-x 1 root root 5498648 May 9 20:51 python3.8
lrwxrwxrwx 1 root root 10 Mar 13 2020 pyvenv -> pyvenv-3.8
-rwxr-xr-x 1 root root 103592 May 9 20:51 rpcgen
-rwxr-xr-x 1 root root 4309 May 9 20:51 sotruss
-rwxr-xr-x 1 root root 38224 May 9 20:51 sprof
-rwxr-xr-x 1 root root 3241 May 9 20:51 x86_64-linux-gnu-python3.8-config
But the pyvenv is a dead link
The verify statement was incorrect.
As a test, I used
certbot renew --standalone and got
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 5, in
from certbot.main import main
File "/usr/lib/python3/dist-packages/certbot/main.py", line 2, in
from certbot._internal import main as internal_main
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 17, in
import josepy as jose
File "/usr/lib/python3/dist-packages/josepy/init.py", line 43, in
from josepy.json_util import (
File "/usr/lib/python3/dist-packages/josepy/json_util.py", line 14, in
from OpenSSL import crypto
File "/usr/lib/python3/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3279, in
_lib.OpenSSL_add_all_algorithms()
AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'
So, to ensure there were no invalid versions of certbot I removed
sudo apt remove --purge certbot
sudo snap remove certbot
find / -iname 'certbot'
which certbot
which returned nothing.
I left the directory /etc/letsencrypt intact
I'm going to leave this now but thank you so much for taking the time to help me, I'm sorry I took your time up.
This is NOT the snap Certbot. If you still can call /usr/local/bin/certbot then you still have another Certbot present on your system. Either installed using apt or perhaps even using pip globally.
Please remove ANY Certbot from your system other than snap.
