Certbot VersionConflict after update on Ubuntu


For around a month certbot has been spitting out this exception:

pkg_resources.VersionConflict: (certbot 2.3.0 (/snap/certbot/2772/lib/python3.8/site-packages), Requirement.parse('certbot<2.0,>=1.18.0))

This started around the time someone updated Ubuntu to a newer version. I am unsure if certbot was also updated during this.

What I wanted to do is to downgrade this package used by certbot to 1.32.0, but I am unsure how.

So, I have 2 questions, how do I downgrade this package? If this is not the best solution, will updating certbot fix this issue and not break any scheduled tasks?

1 Like

That's weird, Certbot itself thinks it requires a different version of itself? Are there perhaps more relevant lines above this one in the output?

Do you perhaps have different instances of Certbot installed, e.g. using pip globally or perhaps using apt, next to the snap version?

@certbot-devs Any thoughts?


Are there more than one version of certbot installed?


I think there might be a third-party plugin snap installed which has the certbot<2.0 constraint on it:

snap list

You can use

snap revert certbot

or if you know which revision number was working, you might be able to

snap revert certbot --revision=xxx

Once it works again, you can prevent Certbot from being updated again:

snap refresh --hold certbot

I'd really appreciate if you could let me know what plugins you have installed so I can contact the author to get this fixed. Thanks.


I reverted the certbot version, it reverted it to 2.2.0, which is still higher than 2.0. No other revisions to revert to.

The only plugin that's installed is certbot-dns-azure, version 2.0.1. Previous version was 1.5.0. Reverted it, and now i'm getting issues with cryptography package version being too high

Thanks for the help

1 Like

Thanks, I reported it to the project maintainer: Remove certbot<2 constraint · Issue #28 · terrycain/certbot-dns-azure · GitHub.

About reverting to Certbot 1.32.2, you might be able to install the old snap file directly. I have copied it from the build pipeline and uploaded it here and you can install it with:

snap install --classic --dangerous certbot_1.32.2_amd64.snap

Other options include:

  • Try the pip instructions for the time being, installing certbot==1.32.0 directly.
  • My DNS plugin supports Azure and should work with any version of the Certbot snap.

Hm, my Gentoo third party plugins overlay's CI didn't detect this issue due to the fact I only have version 1.5.0 of the certbot-dns-azure plugin in it.

The maintainer of the plugin has some inconsistent release habits:



Unfortunately, Python's logging of import errors - version requirements, malformed code, and cyclical errors - is sparse and misleading. As @_az noted, this specific error most likely from a plugin, with a slight chance this is in a third party dependency. It looks like the error is in Certbot, but that is only because Python often surfaces deeply nested import/versioning errors like this.

My recommendation is to completely uninstall the certbot snap and all the associated packages, then try to install it from scratch. That installation process of plugins will usually surface exactly where the requirements mismatch is, and may suggest a workaround.

If you try using the pip installation method as a backup, as @_az suggested, I want to stress three things:

1- Make sure you uninstall the snap, otherwise you will have to be diligent to ensure you invoke the right Certbot and associated things each time.

2- Make sure you follow the instructions carefully, and install into a virtual environment / virtualenv.

3- You can pass in --config-dir and other commands to Certbot, so the pip version will use the same config files, certs, logs, etc as the snap version. This will allow you to "renew" seamlessly.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.