Unable to issue certificate


#1

When I try to issue a new certificate for my domain, the cerbot is not able to issue a new certificate because of
ContextualVersionConflict error. The server is running on Centos 7, certbot was installed via pip on python 2.7.

[centos@ip- ~]$ sudo /opt/certbot/bin/certbot certonly --standalone -d “domain” --agree-tos -m “email” -n
An unexpected error occurred
ContextualVersionConflict: (idna 2.8 (/opt/certbot/lib/python2.7/site-packages), Requirement.parse(‘idna<2.8,>=2.5’), set([‘requests’]))

I’ve looked everywhere on the internet, I can’t find the correct answer, I installed idna==2.5, the problem is still the same.

The funny thing is until yesterday I was able to issue a certificate for this domain and suddenly it stopped.

I would appreciate if someone can help.

Regards,


#2

Certbot isn’t officially intended to be installed via pip.

Can you install it with EPEL or, as more of a drop-in replacement for your current setup, with certbot-auto?

(EPEL seems to have version 0.27.1 at the moment.)

You can get EPEL instructions of you select “CentOS/RHEL 7”, or certbot-auto instructions if you select “Other UNIX”.

idna 2.8 was just released a couple days ago.

(The most recent release of Certbot was today, too.)

Edit: I forgot a link:


#3

I installed certbot via yum, but the error is still complaining about the same thing.

[centos@ ~]$ sudo certbot certonly
Traceback (most recent call last):
File “/bin/certbot”, line 5, in
from pkg_resources import load_entry_point
File “/usr/lib/python2.7/site-packages/pkg_resources/init.py”, line 3126, in
@_call_aside
File “/usr/lib/python2.7/site-packages/pkg_resources/init.py”, line 3110, in _call_aside
f(*args, **kwargs)
File “/usr/lib/python2.7/site-packages/pkg_resources/init.py”, line 3139, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File “/usr/lib/python2.7/site-packages/pkg_resources/init.py”, line 583, in _build_master
return cls._build_from_requirements(requires)
File “/usr/lib/python2.7/site-packages/pkg_resources/init.py”, line 596, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File “/usr/lib/python2.7/site-packages/pkg_resources/init.py”, line 789, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (idna 2.8 (/usr/lib/python2.7/site-packages), Requirement.parse(‘idna<2.8,>=2.5’), set([‘requests’]))

[centos@ ~] rpm -qa | grep certbot python2-certbot-0.27.1-1.el7.noarch certbot-0.27.1-1.el7.noarch [centos@ ~]

I will try auto-certbot, see if this would help.


#4

Seems that it is an issue with requests 2.20.1, when I upgraded requests version, it downgraded idna from 2.8 to 2.7. With idna==2.7, the issue still didn’t get fixed.

sudo pip install 'idna>=2.1'
Collecting idna>=2.1
  Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
requests 2.20.1 has requirement idna<2.8,>=2.5, but you'll have idna 2.8 which is incompatible.

#5

I’m ran into the same issue with MacPorts, when testing the update to certbot 0.29.1.

https://trac.macports.org/ticket/57747


#6

The issue is with requests, setup.py:

`requires = [
‘chardet>=3.0.2,<3.1.0’,
‘idna>=2.5,<2.8’,
‘urllib3>=1.21.1,<1.25’,
‘certifi>=2017.4.17’

]`

On my system, things again work when I reactivate idna 2.7.

I hesitate to change the requirements of requests 2.20.1.


#7

See: https://github.com/requests/requests/issues/4890


#8

Hi Marius,

Thanks, I will wait for the patch to be released. If it’s going to take longer I’ll do what you said about py-idna.

Regards,


#9

You could use one of the many alternative clients. certbot, whatever its virtues, has tons of dependencies, while clients like dehydrated or acme.sh have much fewer. You’ll be responsible for making the appropriate configuration settings for whatever server software you’re using, though.