Python 3.6 support will be dropped in the next release of Certbot - please upgrade your Python version

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: marviotek.store

I ran this command: certbot certonly --standalone --agree-tos -n -d www.marviotek.store -d marviotek.store -m long417229258@gmail.com

It produced this output:
/usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.bindings.openssl.binding import Binding
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Python 3.6 support will be dropped in the next release of Certbot - please upgrade your Python version.
Requesting a certificate for www.marviotek.store and marviotek.store
An unexpected error occurred:
ValueError: Invalid version. The only valid version for X509Req is 0.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@abcd linuxuser]# systemctl stop firewalld && systemctl disable firewalld
[root@abcd linuxuser]# certbot certonly --standalone --agree-tos -n -d www.marviotek.store -d marviotek.store -m long417229258@gmail.com
/usr/local/lib/python3.6/site-packages/OpenSSL/_util.py:6: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.bindings.openssl.binding import Binding
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Python 3.6 support will be dropped in the next release of Certbot - please upgrade your Python version.
Requesting a certificate for www.marviotek.store and marviotek.store
An unexpected error occurred:
ValueError: Invalid version. The only valid version for X509Req is 0.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): CentOS SELinux 7 x64

The operating system my web server runs on is (include version): CentOS SELinux 7 x64

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

What version of certbot do you have?

certbot --version

Because another thread here with the same error says that was resolved by Certbot v1.29

2 Likes

If all else fails [with certbot], you could try another ACME client.
Like: acme.sh

2 Likes

I know this error well. I opened a ticket with Certbot on it - acme v1.23.0 is incompatible with pyopenssl>=23.2.0 on python 3.6 · Issue #9722 · certbot/certbot · GitHub

The issue is not resolved for Python 3.6 and will never be, as it is a WONTFIX that would require backporting code (or applying a fix) and releasing new package versions for the last Python 3.6 compatible branches - a support mechanism the Certbot team has a longstanding policy of not doing. @MikeMcQ while the upgrade worked in that other thread, it would only be possible because that user was running Python 3.7 or above and could install the fixed packages. The versions of packages available to Python 3.6 are all affected by this issue.

Here is the issue:

pyopenssl had a backwards compatible change to fix a bug, which basically just raised an exception when you did something wrong. certbot does not invoke that bug directly, but through the sibling library acme - which did something wrong for many years. certbot is affected on Py36 because the last release of certbot or acme did not have version pinning of pyopenssl, so it installs the newest version – creating a situation where certbot invokes pyopenssl incorrectly, and we have a pyopenssl that raises an exception instead of doing nothing and smiling.

A quick fix is to invoke, from the same virtual environment that Certbot is installed into:

pip install "pyopenssl==23.1.0"

That should downgrade pyopenssl to a compatible version.

The full fix is to install an updated version of Python on that machine, or move to snapd - which will have its own Python.

3 Likes
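The condition described in the reply above (Python 3.6 with an unpinned pyOpenSSL at 23.2.0 or later) can be checked from `pip freeze` output. This is an added example, not code from the thread or from Certbot; the function names, status strings and the sample freeze text are assumptions made for illustration, and the version boundaries are the ones quoted in the thread.

```python
import re
import sys

# From the thread: pyOpenSSL 23.2.0 is the first release that raises on
# Python 3.6 installs, and 23.1.0 is the pin suggested as the quick fix.
FIRST_BREAKING = (23, 2, 0)
SUGGESTED_PIN = "pyopenssl==23.1.0"

# Constructed sample of `pip freeze` output, not taken from the poster's host.
SAMPLE_FREEZE = "certbot==1.23.0\nacme==1.23.0\npyOpenSSL==23.2.0\n"


def parse_version(text):
    """Leading numeric components, padded to three: '23.2' -> (23, 2, 0)."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if match is None:
        raise ValueError("unparseable version: %r" % text)
    nums = [int(part) for part in match.group(0).split(".")]
    return tuple(nums + [0] * (3 - len(nums)))


def parse_freeze(freeze_text):
    """Map normalised package name -> version from `pip freeze` style lines."""
    packages = {}
    for line in freeze_text.splitlines():
        name, sep, version = line.strip().partition("==")
        if sep and not name.startswith("#"):
            packages[re.sub(r"[-_.]+", "-", name).lower()] = version
    return packages


def classify(python_version, freeze_text):
    """Return (status, advice) for one environment."""
    installed = parse_freeze(freeze_text).get("pyopenssl")
    if installed is None:
        return "unknown", "pyOpenSSL not listed; is this Certbot's environment?"
    if tuple(python_version[:2]) != (3, 6):
        return "out-of-scope", "not Python 3.6; upgrading Certbot is an option"
    if parse_version(installed) >= FIRST_BREAKING:
        return "affected", 'pip install "%s"' % SUGGESTED_PIN
    return "pinned", "pyOpenSSL %s predates the breaking release" % installed


if __name__ == "__main__":
    # Usage inside the virtualenv: pip freeze | python check_pyopenssl.py
    status, advice = classify(sys.version_info, sys.stdin.read())
    print("%s: %s" % (status, advice))
    sys.exit(1 if status == "affected" else 0)
```

The script exits non-zero only for the affected combination, so it can gate a renewal job until the pin or the Python upgrade is in place.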
