MikeMcQ
December 3, 2024, 11:55am
2
Yes, that is a known bug in the Certbot v3 upgrade.
There is a work-around described in the thread below. Please see that GitHub thread for more details. You can subscribe to that thread to be informed of its final fix. Note that "bmw" is a Certbot dev.
opened 06:08PM - 13 Nov 24 UTC
closed 09:22PM - 22 Nov 24 UTC
priority: significant
If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.
## My operating system is (include version):
Raspbian `uname -a` gives:
`Linux chip 5.10.63-v8+ #1459 SMP PREEMPT Wed Oct 6 16:42:49 BST 2021 aarch64 GNU/Linux`
## I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):
It's installed using snap
## I ran this command and it produced this output:
`certbot list` produced
```
Traceback (most recent call last):
  File "/snap/certbot/4183/bin/certbot", line 5, in <module>
    from certbot.main import main
  File "/snap/certbot/4183/lib/python3.12/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/snap/certbot/4183/lib/python3.12/site-packages/certbot/_internal/main.py", line 20, in <module>
    import josepy as jose
  File "/snap/certbot/4183/lib/python3.12/site-packages/josepy/__init__.py", line 40, in <module>
    from josepy.json_util import (
  File "/snap/certbot/4183/lib/python3.12/site-packages/josepy/json_util.py", line 24, in <module>
    from OpenSSL import crypto
  File "/snap/certbot/4183/lib/python3.12/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import SSL, crypto
  File "/snap/certbot/4183/lib/python3.12/site-packages/OpenSSL/SSL.py", line 11, in <module>
    from OpenSSL._util import (
  File "/snap/certbot/4183/lib/python3.12/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/snap/certbot/4183/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 15, in <module>
    from cryptography.exceptions import InternalError
  File "/snap/certbot/4183/lib/python3.12/site-packages/cryptography/exceptions.py", line 9, in <module>
    from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
RuntimeError: OpenSSL 3.0's legacy provider failed to load. This is a fatal error by default, but cryptography supports running without legacy algorithms by setting the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error, you have likely made a mistake with your OpenSSL configuration.
```
## Certbot's behavior differed from what I expected because:
It crashed rather than showing the list of certificates.
## Here is a Certbot log showing the issue (if available):
###### Logs are stored in `/var/log/letsencrypt` by default. Feel free to redact domains, e-mail and IP addresses as you see fit.
N/A
## Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:
N/A
Just as a comment, this certificate is for a mail server. I have other certificates on another machine, so I normally only manually run `certbot renew` every 90 days after I have manually moved my port forwarding of port 80. The current certificate does not expire until 15th January, so it's only by chance that I ran it today, and I have not changed port 80 forwarding.
6 Likes