Ubuntu: "urllib3 or chardet doesn't match a supported version"?

This issue is similar to this one but not exactly, and that issue doesn't seem to have had a resolution, but apologies for possible dupe.

I'm using Certbot 0.27.0 on Ubuntu 18.04 with certbot installed from the Ubuntu standard repo. I have root CLI access.

I'm getting this:

~$ certbot --version
/usr/lib/python3/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.26.2) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
certbot 0.27.0

And the systemd unit for certbot service starts up and seems to renew certs OK, but then exits with this:

2021-01-11 08:38:56,710:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1276, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 468, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
certbot.errors.Error: 2 renew failure(s), 0 parse failure(s)

(the 2 renewal failures are I think expired domains)

Does anyone know what's going on or what's best to do?

My best advice is to remove certbot from apt and install it via snapd.
[Your 0.27.0 has seen its' final cert!]

Oh wow - I don't know anything about snaps. Is that now the recommended way of getting certbot for Ubuntu then?

Yes and it comes shipped with Ubuntu...since 16.04?

OK this is I have to say a bit scary. So I apt remove certbot and then snap install certbot ? And all my certs and stuff will be fine?

Wow snap certbot is v 1.1.0?

apt remove certbot will NOT remove any of your certs.
Only certbot delete --cert-name {name} will do that.

Yes, simple, and painless :slight_smile:

OK. I've got about 50 sites on the machine so I hope not. Here I go...

Do certbot certificates before and after - they will be exactly the same.
You might have to review your renewal jobs to ensure they run after the change.
or
better; do once:
certbot renew --dry-run

Which should "cycle" through the motions and setup the cron/systemd.timer renewal job for you.

Oh.

~# snap install certbot
error: This revision of snap "certbot" was published using classic confinement and thus may perform  arbitrary system changes outside of the security sandbox that snaps are usually confined to, which may put your system at risk. If you understand and want to proceed, repeat the command including --classic.

Now what?

I see you don't follow guides much

sudo apt update
sudo apt install snapd
sudo snap install snap-store
sudo snap install --classic certbot

That should put it all up-to-date.

Install certbot on Ubuntu using the Snap Store | Snapcraft

OK I didn't even know there was a guide. Until 5mins ago I'd never installed a snap.

Seems to have done it OK:

~# snap install --classic certbot
2021-01-11T18:48:22Z INFO Waiting for automatic snapd restart...
certbot 1.11.0 from Certbot Project (certbot-eff✓) installed
1 Like

Just a curiosity...
I gave you 4 command lines:

How many did you run?

All of them.

Now I get:

~# certbot certificates 
bash: /usr/bin/certbot: No such file or directory

~# snap list
Name     Version   Rev    Tracking       Publisher     Notes
certbot  1.11.0    889    latest/stable  certbot-eff✓  classic
core20   20201210  904    latest/stable  canonical✓    base
snapd    2.48.2    10707  latest/stable  canonical✓    snapd

~# snap services
Service        Startup   Current   Notes
certbot.renew  disabled  inactive  timer-activated

Does the snap install put the certbot command somewhere else?

EDIT: Ah, I had to reload my shell.

1 Like

Yes.
try:
/snap/bin/certbot --version

There is still some housecleaning things to tidy up:
cron/systemd.timer renewal jobs
test a renewal

certbot 1.11.0

Also systemd - is that not involved any more? Seems broken in some way:

~# service certbot status
● certbot.service
   Loaded: not-found (Reason: No such file or directory)
   Active: failed (Result: exit-code) since Mon 2021-01-11 08:38:56 GMT; 10h ago
 Main PID: 5068 (code=exited, status=1/FAILURE)

Please review:
crontab -l
crontab -u root -l
and
sudo systemctl list-timers
[Which may not be setup until cerbot 1.11.0 actually runs]

That lists the snap.certbot.renew.service

/etc/cron.d/certbot contains this which I guess is OK to keep or should I delete the file?

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

EDIT: no - /usr/bin/certbot so I guess I should delete it.

Hopefully, this file no longer exists:

So, yes, remove it from cron.

1 Like