Certbot and related packages held back on Ubuntu


So on an Ubuntu machine I’m using the official certbot ppa but out of date (cerbot 0.19.x). I noticed when doing sudo apt-get update && sudo apt-get upgrade that I had a message that “certbot” and several related packages were being held back. I had to specifically sudo apt-get install certbot and then several packages were uninstalled and replaced with python3 versions.

Solution: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA

@bmw @hlieberman Is there a known reason why Certbot would be “held back”? That might inhibit upgrades.


They’ll be held back for the upgrade from python2 to python3. You can fix it with an sudo apt full-upgrade.

Certbot deleted from Ubuntu, can't reinstall
Safe to force update certbot? (Ubuntu)

To make sure I understand correctly: The Certbot 0.20+ packages depend on the python3 package instead of python2?


That’s right! In addition, the names of the certbot python packages
themselves changed over, and the dependencies changed. (To the python3


Well it seems that apt-get full-upgrade is similar if not equal to apt-get dist-upgrade

full-upgrade performs the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole.

So you say that forcing the update using apt-get install will fail or cause problems?

python -V
Python 2.7.12

I don’t want to upgrade my whole system right now.

Kind Regards


I think what i did (sudo apt-get install certbot) and what was suggested (sudo apt-get full-upgrade) will generally have the same results. The system ‘python’ is still Python 2.7 and Python 3 is installed as ‘python3’ , so it won’t mess up scripts that expect 2.7 for ‘python’ .

So long as you don’t run Ubuntu’s do-release-upgrade then you’ll stay on the same Ubuntu version.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.