ContextualVersionConflict: urllib3 1.23


#1

I’m using certbot 0.22.2-1+ubuntu16.04.1+certbot+1 on Ubuntu 16.04 and since the Python lib urllib3 got upgraded to version 1.23 yesterday, certbot won’t work anymore because of a version requirement conflict. It is bound to urllib3<1.23,>=1.21.1

The full stack trace looks like this:

2018-06-06 06:25:45,934:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/certbot/main.py", line 1289, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
  File "/usr/local/lib/python2.7/dist-packages/certbot/plugins/disco.py", line 200, in find_all
    plugin_ep = PluginEntryPoint(entry_point)
  File "/usr/local/lib/python2.7/dist-packages/certbot/plugins/disco.py", line 46, in __init__
    self.plugin_cls = entry_point.load()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2317, in load
    self.require(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2340, in require
    items = working_set.resolve(reqs, env, installer, extras=self.extras)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 779, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
ContextualVersionConflict: (urllib3 1.23 (/usr/local/lib/python2.7/dist-packages), Requirement.parse('urllib3<1.23,>=1.21.1'), set(['requests']))
2018-06-06 06:25:45,934:ERROR:certbot.log:An unexpected error occurred:

Is there a way around this or could certbot lift their version requirements?


#2

From where?

I can only see 1.13-1-2 in Xenial, and 1.21.1-1 provided from the Certbot PPA.

You can try use certbot-auto, it runs in venv, isolated from your system’s libraries. (At least, until Certbot loosens that version constraint).


#3

The Certbot packages from the PPA are installed in /usr, not /usr/local. (And they use Python 3 now.) The /usr/local Certbot must be something separate, maybe installed with pip.


#4

That’s interesting. I may have installed certbot with PIP originally but I also installed it again later with apt install certbot which just now confirms certbot is already the newest version (0.22.2-1+ubuntu16.04.1+certbot+1). But when I remove the certbot executable from /usr/local/bin there is no other one that could be found.

I then searched the entire system for certbot and found Python 2 packages installed at /usr/local/lib/python2.7/dist-packages/certbot and Python3 packages installed at /usr/lib/python3/dist-packages/certbot

As the OS defaults to Python 2 still - sorry for that :wink: - it executes the “wrong” one. By changing the shebang in /usr/local/bin/certbot to #!/usr/bin/python3 I was now able to force usage of Python 3.

OK, I will be uninstalling the Python 2 packages. But how would one on Ubuntu get certbot to launch if the only available executable lives in /usr/local/bin and is configured to /usr/bin/python which may well default to Python 2 on a lot of systems?


#5

/usr/bin/certbot should already exist and use Python 3.


#6

It’s not. And I checked several dozen hosts for it.


#7

It’s part of the certbot package. It can’t not exist unless the package is not installed or the file has been deleted.


#8

Very interesting. All my hosts are deployed with Ansible and here is the playbook that installs Certbot:

---
# file: roles/letsencrypt/tasks/install.yml

- name: "Apt Key"
  apt_key:
    url: 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x8C47BE8E75BCA694'
    state: 'present'

- name: "Apt Repository"
  apt_repository:
    repo: 'ppa:certbot/certbot'
    state: 'present'
    mode: '644'

- name: "Install CertBot"
  apt:
    pkg: 'certbot'
    state: 'present'
    update_cache: yes

Couldn’t get any simpler and that’s all that happens.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.