Certbot stuck on 0.31.0

My domain is: https://ducklings.io

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 18.04.3 LTS

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site: no

The version of my client is: certbot 0.31.0


Hi, I would like to update certbot to 0.36 or higher but I’m not having much luck.
When trying to renew certs I get the following message

Attempting to parse the version 0.36.0 renewal configuration file found at /etc/letsencrypt/renewal/ducklings.io.conf with version 0.31.0 of Certbot. This might not work.
Renewal configuration file /etc/letsencrypt/renewal/ducklings.io.conf (cert: ducklings.io) produced an unexpected error: 'Namespace' object has no attribute 'dns_digitalocean_credentials'. Skipping.

So I figured updating to at least 0.36 would fix it, having a newer version would be nice anyway.

I tried doing (among other things)

apt-get remove certbot
apt-get update
apt-get install certbot
add-apt-repository --remove ppa:certbot/certbot
add-apt-repository ppa:certbot/certbot
apt-get dist-upgrade

downloading and running certbot-auto also didn’t work.

If anyone has any ideas please let me know.

1 Like

Please show this file:

1 Like

Hi @jespertheend

it’s not a direct solution, but it should work.

  • Make a backup of that file
  • remove it
  • create a new certificate with a complete command line

Then Certbot should create a new conf file.

# renew_before_expiry = 30 days
version = 0.36.0
archive_dir = /etc/letsencrypt/archive/ducklings.io
cert = /etc/letsencrypt/live/ducklings.io/cert.pem
privkey = /etc/letsencrypt/live/ducklings.io/privkey.pem
chain = /etc/letsencrypt/live/ducklings.io/chain.pem
fullchain = /etc/letsencrypt/live/ducklings.io/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = ***censored for my security***
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = dns-digitalocean
dns_digitalocean_credentials = /root/.secrets/certbot/digitalocean.ini

I think the digitialocean plugin wasn’t installed properly. I tried installing it but I made things worse because I am now unable to run certbot at all.

certbot --version gives me this

Traceback (most recent call last):
  File "/usr/bin/certbot", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3088, in <module>
    @_call_aside
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3072, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 3101, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 574, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 892, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 778, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'certbot==0.31.0' distribution was not found and is required by the application
1 Like

Not sure if there was an easier way to do this but I completely uninstalled certbot and tried to install it again. I was still getting the same error, but after doing pip install certbot I’m now running 1.0.1 somehow.

1 Like

Does that file still exist?
[DO NOT SHOW CONTENTS]
try:
ls -l /root/.secrets/certbot/digitalocean.ini

1 Like

The errors shown seem to indicate that certbot is… broken or incomplete.
I would remove it completely.
Check to ensure it has been removed completely.
Then reinstall certbot.

1 Like

Yeah I have no idea how everything ended up in this state. I initally wanted to be able to renew certs from crontab, which wasn’t working. Presumably because I had two different versions of certbot installed. One via pip and one via apt-get. And also some python 2 vs python 3 madness.

I completely reinstalled crontab I got the certbot command working again now, and it’s running 1.0.0 so that is looking good. It’s not running in crontab yet, it still shows the same DistributionNotFound error.

2 Likes

Hmm ok it seems like certbot installed in /usr/local/bin/certbot is working fine but /usr/bin/certbot isn’t. I’m just running certbot from the absolute path in crontab now, this seems to be working.

1 Like

Does the /root/.secrets/certbot/digitalocean.ini file exist?
Can cerbot read it?

1 Like

oh yes, it does. I forgot to mention that sorry.
I purged all my config files while reinstalling certbot so I can’t test it out before I put them back. But I think all should be working fine now.

1 Like

Are you sure you only have one certbot now?
dpkg --list | grep certbot
find / -name certbot
which certbot

1 Like

No I’m pretty sure there’s two.

ii  certbot                         0.31.0-1+ubuntu18.04.1+certbot+1            all          automatically configure HTTPS using Let's Encrypt
ii  python3-acme                    0.31.0-2+ubuntu18.04.3+certbot+2            all          ACME protocol library for Python 3
ii  python3-augeas                  0.5.0-1+ubuntu18.04.1+certbot+1             all          Python3 bindings for Augeas
ii  python3-certbot                 0.31.0-1+ubuntu18.04.1+certbot+1            all          main library for certbot
ii  python3-configobj               5.0.6-2+ubuntu18.04.1+certbot+1             all          simple but powerful config file reader and writer for Python 3
ii  python3-future                  0.15.2-4+ubuntu18.04.1+certbot+3            all          Clean single-source support for Python 3 and 2 - Python 3.x
ii  python3-josepy                  1.1.0-2+ubuntu18.04.1+certbot+1             all          JOSE implementation for Python 3.x
ii  python3-parsedatetime           2.4-3+ubuntu18.04.1+certbot+3               all          Python 3 module to parse human-readable date/time expressions
ii  python3-requests-toolbelt       0.8.0-1+ubuntu18.04.1+certbot+1             all          Utility belt for advanced users of python3-requests
ii  python3-zope.component          4.3.0-1+ubuntu18.04.1+certbot+3             all          Zope Component Architecture
ii  python3-zope.hookable           4.0.4-4+ubuntu18.04.1+certbot+1             amd64        Hookable object support
ii  python3-zope.interface          4.3.2-1+ubuntu18.04.1+certbot+1             amd64        Interfaces for Python3

Running certbot --version gives me 1.0.0 which is nice because that’s what I want. I’m not sure why 1.0.0 isn’t listed in dpkg --list | grep certbot though.

find / -name certbot results in

/usr/local/bin/certbot
/usr/local/lib/python2.7/dist-packages/certbot
/usr/bin/certbot
/usr/lib/python3.6/site-packages/certbot
/usr/share/doc/certbot
/etc/logrotate.d/certbot
/etc/cron.d/certbot
/opt/eff.org/certbot
/opt/eff.org/certbot/venv/bin/certbot
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot
/root/.secrets/certbot

which certbot gives me /usr/local/bin/certbot

Running /usr/bin/certbot --version still gives the DistributionNotFound Exception.

I’m hesitant to run hash -r, I’m worried it might set the certbot command back to the currently broken /usr/bin/certbot

1 Like

So, yes, you do have two certbots.
I would remove ALL of it.
Then put back the one you want.

1 Like

Alright I uninstalled certbot using apt-get uninstall certbot
dpkg --list | grep certbot still shows one 0.31.0 entry, which I can’t seem to get rid of. Either way, the certbot command is still working so I think all is good now.

Thanks for all the help! It’s much appreciated :smiley:

2 Likes

dkpg --help
dpkg --remove

1 Like

ah hmm, dpkg --remove certbot gives me

dpkg: warning: ignoring request to remove certbot, only the config
 files of which are on the system; use --purge to remove them too

So that’s probably why it’s still listed there. I think I’ll leave it there though, because I just finished putting all my config files back. And /usr/bin/certbot no longer exists so that shouldn’t cause any trouble.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.