Not sure how to proceed. Don't know if certbot or other issue

I’d like to clarify that I want to check the status/renew my SSL certificate. I have a home server. Thank you.

My domain is:
www.eruzione.us

I ran this command:
certbot renew --dry-run

It produced this output:
ContextualVersionConflict: (cryptography 2.1.4 (/usr/lib/python2.7/dist-packages), Requirement.parse(‘cryptography>=2.2.1’), set([‘PyOpenSSL’]))

My web server is (include version):
Nginx 1.14.0

The operating system my web server runs on is (include version):
Ubuntu 18.04.2 LTS (Bionic Beaver)

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Using Putty, Webmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Don’t know. I receive the following message after running both commands:
An unexpected error occurred:
ContextualVersionConflict: (cryptography 2.1.4 (/usr/lib/python2.7/dist-packages), Requirement.parse(‘cryptography>=2.2.1’), set([‘PyOpenSSL’]))

How was Certbot installed? Can you paste the full traceback?

Well, I do not fully understand what the full tracebook would be. As far as I remember certbot was installed using the official guide.

I notice that when I use “Service --status-all” cerbot does not appear in the list.
It shows the following: acpid
[ + ] apache-htcacheclean
[ + ] apache2
[ + ] apparmor
[ + ] apport
[ + ] atd
[ - ] bootmisc.sh
[ - ] checkfs.sh
[ - ] checkroot-bootclean.sh
[ - ] checkroot.sh
[ - ] console-setup.sh
[ + ] cron
[ - ] cryptdisks
[ - ] cryptdisks-early
[ + ] dbus
[ + ] ebtables
[ + ] grub-common
[ - ] hostname.sh
[ - ] hwclock.sh
[ + ] irqbalance
[ + ] iscsid
[ - ] keyboard-setup.dpkg-bak
[ - ] keyboard-setup.sh
[ - ] killprocs
[ + ] kmod
[ - ] lvm2
[ + ] lvm2-lvmetad
[ + ] lvm2-lvmpolld
[ + ] lxcfs
[ - ] lxd
[ - ] mdadm
[ - ] mdadm-waitidle
[ - ] mountall-bootclean.sh
[ - ] mountall.sh
[ - ] mountdevsubfs.sh
[ - ] mountkernfs.sh
[ - ] mountnfs-bootclean.sh
[ - ] mountnfs.sh
[ + ] mysql
[ + ] networking
[ + ] nginx
[ - ] ondemand
[ - ] open-iscsi
[ - ] open-vm-tools
[ - ] php7.0-fpm
[ + ] php7.2-fpm
[ - ] plymouth
[ - ] plymouth-log
[ + ] procps
[ - ] rc.local
[ + ] resolvconf
[ - ] rsync
[ + ] rsyslog
[ - ] screen-cleanup
[ - ] sendsigs
[ + ] ssh
[ + ] udev
[ + ] ufw
[ - ] umountfs
[ - ] umountnfs.sh
[ - ] umountroot
[ + ] unattended-upgrades
[ + ] urandom
[ - ] uuidd
[ + ] webmin

Does this mean I need to re install certbot?

Would this be the “Full traceback” ?

root@Ubuntu-Web-Server:/home/******# certbot renew --dry-run
An unexpected error occurred:
ContextualVersionConflict: (cryptography 2.1.4 (/usr/lib/python2.7/dist-packages), Requirement.parse(‘cryptography>=2.2.1’), set([‘PyOpenSSL’]))
Please see the logfile ‘/tmp/tmpby4vxR’ for more details.

What does “which certbot” show?

Can you post the contents of /tmp/tmpby4vxR?

“Which Cerbot” shows the following:
root@Ubuntu-Web-Server:/home/**# which certbot
/usr/local/bin/certbot

I’m Sorry, I do not know how to access the log file. I don’t know what to input.

If you run dpkg -l certbot or ls -l /usr/bin/certbot, is it installed and does it exist?

Well, that's not the Certbot package installed from Ubuntu's repository or from the Certbot PPA.

It might be certbot-auto, or maybe Certbot was installed with pip.

cat /tmp/tmpby4vxR

Here are the contents of logfile tmp48SAvi, which is what the error message shows

2019-03-21 16:15:07,238:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/local/bin/certbot”, line 11, in
sys.exit(main())
File “/usr/local/lib/python2.7/dist-packages/certbot/main.py”, line 1338, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File “/usr/local/lib/python2.7/dist-packages/certbot/plugins/disco.py”, line 206, in find_all
plugin_ep = PluginEntryPoint(entry_point)
File “/usr/local/lib/python2.7/dist-packages/certbot/plugins/disco.py”, line 52, in init
self.plugin_cls = entry_point.load()
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 2323, in load
self.require(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 2346, in require
items = working_set.resolve(reqs, env, installer, extras=self.extras)
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 783, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
ContextualVersionConflict: (cryptography 2.1.4 (/usr/lib/python2.7/dist-packages), Requirement.parse(‘cryptography>=2.2.1’), set([‘PyOpenSSL’]))
2019-03-21 16:15:07,238:ERROR:certbot.log:An unexpected error occurred:

Here are the contents of /tmp/tmpby4vxR, which you have asked for:

2019-03-21 15:59:36,037:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/local/bin/certbot”, line 11, in
sys.exit(main())
File “/usr/local/lib/python2.7/dist-packages/certbot/main.py”, line 1338, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File “/usr/local/lib/python2.7/dist-packages/certbot/plugins/disco.py”, line 206, in find_all
plugin_ep = PluginEntryPoint(entry_point)
File “/usr/local/lib/python2.7/dist-packages/certbot/plugins/disco.py”, line 52, in init
self.plugin_cls = entry_point.load()
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 2323, in load
self.require(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 2346, in require
items = working_set.resolve(reqs, env, installer, extras=self.extras)
File “/usr/lib/python2.7/dist-packages/pkg_resources/init.py”, line 783, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
ContextualVersionConflict: (cryptography 2.1.4 (/usr/lib/python2.7/dist-packages), Requirement.parse(‘cryptography>=2.2.1’), set([‘PyOpenSSL’]))
2019-03-21 15:59:36,037:ERROR:certbot.log:An unexpected error occurred:

Certbot-auto does ring a bell though...

After running I recieve this message:
root@Ubuntu-Web-Server:/home/****# dpkg -l certbot
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=================================
ii certbot 0.31.0-1+ubu all automatically configure HTTPS usi

After using the second suggested command I receive this output:

root@Ubuntu-Web-Server:/home/***# ls -l /usr/bin/certbot
-rwxr-xr-x 1 root root 385 Mar 12 13:26 /usr/bin/certbot

certbot-auto installs itself in /opt/eff.org/certbot instead of /usr/local, though. And it should usually avoid getting confused by things installed elsewhere.

After running “cat /opt/eff.org/certbot” I receive:
cat: /opt/eff.org/certbot: No such file or directory

I’m just confused because I don’t know where to proceed from here. I don’t know if certbot auto is installed, nor am I sure about any other version. I wont be able to access my server in a few months for a period of time over 5 months, and don’t want to allow the SSL cert to expire. I don’t really know what the difference between letsencrypt and certbot is either.

So… very confused is all. I’m still learning all this. What do you suggest I should do? Reinstall certbot at risk of causing conflicts with certbot auto?

You could try to use the /usr/bin/certbot application directly. So not use certbot as a single command on the command line, but actually type something like /usr/bin/certbot renew --dry-run.

Also, you can identify which package the other certbot-file belongs to:

dpkg -S /usr/local/bin/certbot

It probably won’t find a package at all, which would support @mnordhoff’s suggestion it might be installed through pip.

Figured out that my Certbot was in fact installed through pip. Since I didn’t know exactly what pip was, I googled “PyOpenSSL”. This led me to understand what exactly pip was(a package installer).

After that, I looked at the error message some more and saw the “ContenxtualVersion Conflict” and the “Requirement” so I figured something called “cryptography” had to be updated to 2.2.1.

I used pip install cryptography --upgrade and updated the package to 2.6.1. Now I’m able to use Certbot commands without any errors! Can anyone tell me if I did this improperly? I ran a simulation of the cert renewal and it went just fine.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.