ContextualVersionConflict: urllib3 1.23

I’m using certbot 0.22.2-1+ubuntu16.04.1+certbot+1 on Ubuntu 16.04 and since the Python lib urllib3 got upgraded to version 1.23 yesterday, certbot won’t work anymore because of a version requirement conflict. It is bound to urllib3<1.23,>=1.21.1

The full stack trace looks like this:

2018-06-06 06:25:45,934:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
  File "/usr/local/lib/python2.7/dist-packages/certbot/", line 1289, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
  File "/usr/local/lib/python2.7/dist-packages/certbot/plugins/", line 200, in find_all
    plugin_ep = PluginEntryPoint(entry_point)
  File "/usr/local/lib/python2.7/dist-packages/certbot/plugins/", line 46, in __init__
    self.plugin_cls = entry_point.load()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/", line 2317, in load
    self.require(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/", line 2340, in require
    items = working_set.resolve(reqs, env, installer, extras=self.extras)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/", line 779, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
ContextualVersionConflict: (urllib3 1.23 (/usr/local/lib/python2.7/dist-packages), Requirement.parse('urllib3<1.23,>=1.21.1'), set(['requests']))
2018-06-06 06:25:45,934:ERROR:certbot.log:An unexpected error occurred:

Is there a way around this or could certbot lift their version requirements?

From where?

I can only see 1.13-1-2 in Xenial, and 1.21.1-1 provided from the Certbot PPA.

You can try use certbot-auto, it runs in venv, isolated from your system's libraries. (At least, until Certbot loosens that version constraint).

The Certbot packages from the PPA are installed in /usr, not /usr/local. (And they use Python 3 now.) The /usr/local Certbot must be something separate, maybe installed with pip.

That’s interesting. I may have installed certbot with PIP originally but I also installed it again later with apt install certbot which just now confirms certbot is already the newest version (0.22.2-1+ubuntu16.04.1+certbot+1). But when I remove the certbot executable from /usr/local/bin there is no other one that could be found.

I then searched the entire system for certbot and found Python 2 packages installed at /usr/local/lib/python2.7/dist-packages/certbot and Python3 packages installed at /usr/lib/python3/dist-packages/certbot

As the OS defaults to Python 2 still - sorry for that :wink: - it executes the “wrong” one. By changing the shebang in /usr/local/bin/certbot to #!/usr/bin/python3 I was now able to force usage of Python 3.

OK, I will be uninstalling the Python 2 packages. But how would one on Ubuntu get certbot to launch if the only available executable lives in /usr/local/bin and is configured to /usr/bin/python which may well default to Python 2 on a lot of systems?

/usr/bin/certbot should already exist and use Python 3.

It’s not. And I checked several dozen hosts for it.

It’s part of the certbot package. It can’t not exist unless the package is not installed or the file has been deleted.

Very interesting. All my hosts are deployed with Ansible and here is the playbook that installs Certbot:

# file: roles/letsencrypt/tasks/install.yml

- name: "Apt Key"
    url: ''
    state: 'present'

- name: "Apt Repository"
    repo: 'ppa:certbot/certbot'
    state: 'present'
    mode: '644'

- name: "Install CertBot"
    pkg: 'certbot'
    state: 'present'
    update_cache: yes

Couldn’t get any simpler and that’s all that happens.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.