Trouble removing certbot package

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jewettfarm.com, mail-lab.us

I ran this command: sudo apt-get remove certbot

It produced this output: Package 'certbot' is not installed, so not removed

My web server is (include version): nginx 1.21

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: Cloudflare (DNS)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.29.0

Hello, I am trying to use the cloudflare DNS plugin with certbot. I have followed this: Certbot Instructions | Certbot (eff.org)

I realized I had an issue after installing the cloudflare dns plugin from a snap, as I did not see the plugin with certbot --plugins.

So it was apparent I needed to uninstall certbot using the package manager with: sudo apt-get remove certbot

However, even after removing it with apt/apt-get I still see it is version 1.29.0 when I issue certbot --version. I even ran: sudo apt autoremove

I ran snap list, and the snap is not installed.

root@mail:~# snap list
Name Version Rev Tracking Publisher Notes
core20 20221212 1778 latest/stable canonical✓ base
lxd 4.0.9-a29c6f1 24061 4.0/stable/… canonical✓ -
snapd 2.58 17950 latest/stable canonical✓ snapd

I am not running pip, or any other package managers. This system runs a Zimbra mail server, and I am just trying to use the cloudflare-dns plugin. When I initially installed it from a snap, the plugin shows up in the snap list, but it did not show up as a plugin with "certbot --plugins". So I am assuming I need to install certbot and the dns plugin from snap. However, I am stumped at how to remove certbot 1.29.0.

When I issue "certbot certificates" it still shows my active certs, so it is still installed from what I can tell.

Is there another way to remove certbot from an Ubuntu 20.04 distro? I have searched the interwebz and I only see mention to remove it using apt or snap. Neither is installed, but it still lives.

My goal once again, is just to use the cloudflare-dns plugin. I have installed it from snap, but it never shows up as a plugin for certbot, so that tells me I should use the certbot snap along with the plugin?

Any advise is greatly welcome!

Thank you

What's the output of:

whereis certbot

and

ls -l /usr/bin/certbot
3 Likes

First output:
whereis certbot
certbot: /usr/bin/certbot /usr/bin/certbot.old /usr/local/sbin/certbot /opt/certbot/bin/certbot /snap/bin/certbot /usr/share/man/man1/certbot.1.gz

Second output:
ls -l /usr/bin/certbot
lrwxrwxrwx 1 root root 17 Jan 11 14:02 /usr/bin/certbot -> /snap/bin/certbot

I currently have the snap installed just to note. When I run certbot --version it shows version 1.29.
FYI
Thanks

1 Like

But why doesn't Certbot show up on your snap list output? I don't understand.. Also, 1.29.0 isn't the latest v1 release, that's 1.32.0. And I thought snap would automatically update its snaps?

Also, /opt/certbot/bin/certbot suggests you once installed Certbot using perhaps pip or even perhaps (more likely) the certbot-auto wrapper script. You probably should remove /opt/certbot/ (but keep a backup just in case).

And where does /usr/local/sbin/certbot come from? I don't know what would put Certbot in that place.. :thinking: Maybe a symlink to the Certbot in /opt/certbot/?

Looks like you have like 3 Certbots installed :rofl:

4 Likes

Well it does now that the snap is installed, here is the output:
root@mail:/usr/bin# snap list
Name Version Rev Tracking Publisher Notes
certbot 1.32.2 2618 latest/stable certbot-eff✓ classic
certbot-dns-cloudflare 1.32.2 2233 latest/stable certbot-eff✓ -
core20 20221212 1778 latest/stable canonical✓ base
lxd 4.0.9-a29c6f1 24061 4.0/stable/… canonical✓ -
snapd 2.58 17950 latest/stable canonical✓ snapd

But when I do a --version I still see it as 1.29.0. So I too am stumped. I can remove the snaps, but in the interest of getting the plugin to work I went ahead and installed the snaps.

Very strange the version mismatch, so makes me think there is another version lurking on the system.

Yes, I did add a symlink to point to the snap - just to clarify.

I would say you have at least 2 different Certbots on your system.

1 Like

Exactly. Any ideas on how to remove 1.29?
Just a matter of apt remove certbot?

Here is the output of apt list:
root@mail:/usr/bin# sudo apt list --installed |grep certbot

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

certbot/focal-updates,now 0.40.0-1ubuntu0.1 all [installed,automatic]
python3-certbot-dns-cloudflare/focal,now 0.39.0-1 all [installed]
python3-certbot/focal-updates,now 0.40.0-1ubuntu0.1 all [installed,automatic]
root@mail:/usr/bin#

Yes, from step 6 here: Certbot Instructions | Certbot (eff.org)

Well I ran apt remove certbot, and python3-certbot, so now when I run apt list --installed I get:

root@mail:/usr/bin# sudo apt list --installed |grep certbot

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

and I still see:
root@mail:/usr/bin# certbot --version
certbot 1.29.0

I will keep trying to find my phantom certbot. Thanks for the input!

1 Like

Here is output of whereis:
root@mail:/usr/bin# whereis certbot
certbot: /usr/local/sbin/certbot /opt/certbot/bin/certbot /snap/bin/certbot

Do I want the symlink to point to /snap/bin, or opt/cerbot/bin? Instructions call for: sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo find / -name certbot -print

to find every Certbot on the system.
The we can see, possibly, where each Certbot comes from.

1 Like

The link to the /snap/.. file is correct. You probably want to remove the Certbot in /usr/local/sbin/certbot and /opt/certbot/bin/certbot. For some reason they seem to be taking presidence above /usr/bin/certbot which is kinda weird. But perhaps your ${PATH} variable has something to do with that presidence. You can view it by running echo ${PATH}.

2 Likes

@Bruce5051
Here is the output:
root@mail:/usr/bin# sudo find / -name certbot -print
/usr/local/sbin/certbot
/etc/logrotate.d/certbot
/etc/cron.d/certbot
find: ‘/sys/kernel/tracing’: Permission denied
find: ‘/sys/kernel/debug’: Permission denied
find: ‘/sys/kernel/config’: Permission denied
find: ‘/sys/fs/pstore’: Permission denied
find: ‘/sys/fs/fuse/connections/65’: Permission denied
find: ‘/sys/fs/fuse/connections/55’: Permission denied
find: ‘/sys/firmware/efi/efivars’: Permission denied
/snap/bin/certbot
/snap/certbot
/snap/certbot/2618/bin/certbot
/snap/certbot/2618/lib/python3.8/site-packages/certbot
/opt/certbot
/opt/certbot/bin/certbot
/opt/certbot/lib/python3.8/site-packages/certbot
find: ‘/proc/sys/fs/binfmt_misc’: Permission denied
find: ‘/proc/tty/driver’: Permission denied
/root/.secrets/certbot
/root/snap/certbot
find: ‘/dev/.lxd-mounts’: Permission denied
/var/snap/certbot

Make note, this is running in an LXD container if that matters.

Ok, I will clean those up and report back.

For reference this is the path:
root@mail:/usr/bin# echo ${PATH}
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

Ah, that explains why the Certbot in /usr/local/bin gets presidence above the Snap Certbot.

4 Likes

Ok, I think we are making progress. I just added the symlink into /usr/local/bin (since path hits it first), now when I run --version:

root@mail:/usr/local/bin# certbot --version
certbot 1.32.2

and:

root@mail:/usr/local/bin# certbot plugins
Saving debug log to /var/log/letsencrypt/letsencrypt.log


  • apache
    Description: Apache Web Server plugin
    Interfaces: Installer, Authenticator, Plugin
    Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT

  • dns-cloudflare
    Description: Obtain certificates using a DNS TXT record (if you are using
    Cloudflare for DNS).
    Interfaces: Authenticator, Plugin
    Entry point: dns-cloudflare =
    certbot_dns_cloudflare._internal.dns_cloudflare:Authenticator

  • nginx
    Description: Nginx Web Server plugin
    Interfaces: Installer, Authenticator, Plugin
    Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator

  • standalone
    Description: Spin up a temporary webserver
    Interfaces: Authenticator, Plugin
    Entry point: standalone = certbot._internal.plugins.standalone:Authenticator

  • webroot
    Description: Place files in webroot directory
    Interfaces: Authenticator, Plugin
    Entry point: webroot = certbot._internal.plugins.webroot:Authenticator


The secret sauce for this mess was:
sudo ln -s /snap/bin/certbot /usr/local/bin/certbot

Just in case anyone else gets in the same pickle.

Really appreciate the fast help. Not sure how I messed it up so bad, I just wanted to add the plugin lol

Thanks again!

2 Likes

I don't know where the original symlink pointed to, but as you already have a symlink in /usr/bin/ pointing to the Snap Certbot, there's no point in having /usr/local/bin/certbot around too. It would have been good to know where it pointed to previously, so you could remove that older Certbot version. But there's a good chance it was the Certbot in /opt/.

4 Likes

Log confirms that:
lrwxrwxrwx 1 root root 24 Aug 26 12:23 certbot -> /opt/certbot/bin/certbot*

This is how it all started. In hind sight, I have no idea why I didn't just change the symlink! Yes - I'm an idiot! lol

1 Like

Not your fault, apparently the decision was made to put the symlink in /usr/local/bin for the (I'm guessing) certbot-auto wrapper script, but /usr/bin/ for the Snap Certbot. That's confusing.

Anyway, my suggestion is to just use the symlink /usr/bin/certbot to point to the Snap Certbot and remove the /usr/local/bin/certbot symlink in total.

5 Likes

Thanks Osiris. Yes I cleaned up the others to avoid future confusion. I only have one now:
root@mail:~# whereis certbot
certbot: /usr/local/bin/certbot /snap/bin/certbot

Thanks again, I owe you a coffee!

1 Like

Hm, so /usr/bin/certbot has been removed, that's weird :stuck_out_tongue:

3 Likes