When I try to issue a new certificate for my domain, the cerbot is not able to issue a new certificate because of
ContextualVersionConflict error. The server is running on Centos 7, certbot was installed via pip on python 2.7.
[centos@ip- ~]$ sudo /opt/certbot/bin/certbot certonly --standalone -d “domain” --agree-tos -m “email” -n
An unexpected error occurred
ContextualVersionConflict: (idna 2.8 (/opt/certbot/lib/python2.7/site-packages), Requirement.parse(‘idna<2.8,>=2.5’), set([‘requests’]))
I’ve looked everywhere on the internet, I can’t find the correct answer, I installed idna==2.5, the problem is still the same.
The funny thing is until yesterday I was able to issue a certificate for this domain and suddenly it stopped.
I would appreciate if someone can help.
Regards,
Certbot isn't officially intended to be installed via pip.
Can you install it with EPEL or, as more of a drop-in replacement for your current setup, with certbot-auto?
(EPEL seems to have version 0.27.1 at the moment.)
You can get EPEL instructions of you select "CentOS/RHEL 7", or certbot-auto instructions if you select "Other UNIX".
idna 2.8 was just released a couple days ago.
(The most recent release of Certbot was today, too.)
Edit: I forgot a link:
opened 08:10AM - 10 Aug 17 UTC
closed 10:47PM - 05 Sep 17 UTC
area: debian / ubuntu
area: documentation
## My operating system is (include version):
Can reproduce on Debian 8 and Ub… untu 16.04, did not test other systems, but it seems likely all OS are affected.
## I installed Certbot with (certbot-auto, OS package manager, pip, etc):
pip
## I ran this command and it produced this output:
`certbot`:
```
An unexpected error occurred:
ContextualVersionConflict: (idna 2.6 (/tmp/letest/lib/python2.7/site-packages), Requirement.parse('idna<2.6,>=2.5'), set(['requests']))
Please see the logfile '/tmp/tmpFj1SPt' for more details.
```
## Certbot's behavior differed from what I expected because:
It should work ;)
## Here is the full, reproducible output:
```
rene@rene-desktop /tmp % virtualenv letest
Running virtualenv with interpreter /usr/bin/python2
New python executable in /tmp/letest/bin/python2
Also creating executable in /tmp/letest/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
rene@rene-desktop /tmp % source letest/bin/activate
(letest) rene@rene-desktop /tmp % pip install certbot
Collecting certbot
Downloading certbot-0.17.0-py2.py3-none-any.whl (269kB)
100% |████████████████████████████████| 276kB 807kB/s
Collecting zope.interface (from certbot)
Downloading zope.interface-4.4.2-cp27-cp27mu-manylinux1_x86_64.whl (170kB)
100% |████████████████████████████████| 174kB 1.3MB/s
Collecting pyrfc3339 (from certbot)
Downloading pyRFC3339-1.0-py2.py3-none-any.whl
Requirement already satisfied: setuptools>=1.0 in ./letest/lib/python2.7/site-packages (from certbot)
Collecting zope.component (from certbot)
Downloading zope.component-4.4.0-py2.py3-none-any.whl (70kB)
100% |████████████████████████████████| 71kB 1.6MB/s
Collecting pytz (from certbot)
Using cached pytz-2017.2-py2.py3-none-any.whl
Collecting ConfigArgParse>=0.9.3 (from certbot)
Downloading ConfigArgParse-0.12.0.tar.gz (41kB)
100% |████████████████████████████████| 51kB 2.4MB/s
Collecting configobj (from certbot)
Downloading configobj-5.0.6.tar.gz
Collecting six (from certbot)
Using cached six-1.10.0-py2.py3-none-any.whl
Collecting cryptography>=1.2 (from certbot)
Downloading cryptography-2.0.3-cp27-cp27mu-manylinux1_x86_64.whl (2.2MB)
100% |████████████████████████████████| 2.2MB 435kB/s
Collecting PyOpenSSL (from certbot)
Downloading pyOpenSSL-17.2.0-py2.py3-none-any.whl (52kB)
100% |████████████████████████████████| 61kB 2.0MB/s
Collecting mock (from certbot)
Using cached mock-2.0.0-py2.py3-none-any.whl
Collecting parsedatetime>=1.3 (from certbot)
Downloading parsedatetime-2.4-py2-none-any.whl (40kB)
100% |████████████████████████████████| 40kB 1.3MB/s
Collecting acme==0.17.0 (from certbot)
Downloading acme-0.17.0-py2.py3-none-any.whl (99kB)
100% |████████████████████████████████| 102kB 1.5MB/s
Collecting zope.event (from zope.component->certbot)
Downloading zope.event-4.3.0-py2.py3-none-any.whl
Collecting ipaddress (from cryptography>=1.2->certbot)
Using cached ipaddress-1.0.18-py2-none-any.whl
Collecting idna>=2.1 (from cryptography>=1.2->certbot)
Downloading idna-2.6-py2.py3-none-any.whl (56kB)
100% |████████████████████████████████| 61kB 1.7MB/s
Collecting asn1crypto>=0.21.0 (from cryptography>=1.2->certbot)
Using cached asn1crypto-0.22.0-py2.py3-none-any.whl
Collecting enum34 (from cryptography>=1.2->certbot)
Using cached enum34-1.1.6-py2-none-any.whl
Collecting cffi>=1.7 (from cryptography>=1.2->certbot)
Using cached cffi-1.10.0-cp27-cp27mu-manylinux1_x86_64.whl
Collecting funcsigs>=1; python_version < "3.3" (from mock->certbot)
Using cached funcsigs-1.0.2-py2.py3-none-any.whl
Collecting pbr>=0.11 (from mock->certbot)
Using cached pbr-3.1.1-py2.py3-none-any.whl
Collecting future (from parsedatetime>=1.3->certbot)
Downloading future-0.16.0.tar.gz (824kB)
100% |████████████████████████████████| 829kB 792kB/s
Collecting requests[security]>=2.4.1 (from acme==0.17.0->certbot)
Using cached requests-2.18.3-py2.py3-none-any.whl
Collecting pycparser (from cffi>=1.7->cryptography>=1.2->certbot)
Collecting chardet<3.1.0,>=3.0.2 (from requests[security]>=2.4.1->acme==0.17.0->certbot)
Using cached chardet-3.0.4-py2.py3-none-any.whl
Collecting certifi>=2017.4.17 (from requests[security]>=2.4.1->acme==0.17.0->certbot)
Using cached certifi-2017.7.27.1-py2.py3-none-any.whl
Collecting urllib3<1.23,>=1.21.1 (from requests[security]>=2.4.1->acme==0.17.0->certbot)
Using cached urllib3-1.22-py2.py3-none-any.whl
Building wheels for collected packages: ConfigArgParse, configobj, future
Running setup.py bdist_wheel for ConfigArgParse ... done
Stored in directory: /home/rene/.cache/pip/wheels/6a/40/6b/6d9924b7757fff15a7296256f9d6d27a9600beabd387f057af
Running setup.py bdist_wheel for configobj ... done
Stored in directory: /home/rene/.cache/pip/wheels/87/76/48/1564f8466fbd36402af5ac4972ffb56a6ef7f143892ef57fe5
Running setup.py bdist_wheel for future ... done
Stored in directory: /home/rene/.cache/pip/wheels/c2/50/7c/0d83b4baac4f63ff7a765bd16390d2ab43c93587fac9d6017a
Successfully built ConfigArgParse configobj future
Installing collected packages: zope.interface, pytz, pyrfc3339, zope.event, zope.component, ConfigArgParse, six, configobj, ipaddress, idna, asn1crypto, enum34, pycparser, cffi, cryptography, PyOpenSSL, funcsigs, pbr, mock, future, parsedatetime, chardet, certifi, urllib3, requests, acme, certbot
Successfully installed ConfigArgParse-0.12.0 PyOpenSSL-17.2.0 acme-0.17.0 asn1crypto-0.22.0 certbot-0.17.0 certifi-2017.7.27.1 cffi-1.10.0 chardet-3.0.4 configobj-5.0.6 cryptography-2.0.3 enum34-1.1.6 funcsigs-1.0.2 future-0.16.0 idna-2.6 ipaddress-1.0.18 mock-2.0.0 parsedatetime-2.4 pbr-3.1.1 pycparser-2.18 pyrfc3339-1.0 pytz-2017.2 requests-2.18.3 six-1.10.0 urllib3-1.22 zope.component-4.4.0 zope.event-4.3.0 zope.interface-4.4.2
(letest) rene@rene-desktop /tmp % certbot
An unexpected error occurred:
ContextualVersionConflict: (idna 2.6 (/tmp/letest/lib/python2.7/site-packages), Requirement.parse('idna<2.6,>=2.5'), set(['requests']))
Please see the logfile '/tmp/tmpFj1SPt' for more details.
(letest) rene@rene-desktop /tmp %
```
Manually downgrading `idna` to `2.5` seems to work around the problem (thanks to Peng on #letsencrypt for the hint).
```
(letest) rene@rene-desktop /tmp % pip install idna\<2.6
Collecting idna<2.6
Using cached idna-2.5-py2.py3-none-any.whl
Installing collected packages: idna
Found existing installation: idna 2.6
Uninstalling idna-2.6:
Successfully uninstalled idna-2.6
Successfully installed idna-2.5
(letest) rene@rene-desktop /tmp % certbot
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
```
mnordhoff:
Certbot
I installed certbot via yum, but the error is still complaining about the same thing.
[centos@ ~]$ sudo certbot certonly
Traceback (most recent call last):
File "/bin/certbot", line 5, in
from pkg_resources import load_entry_point
File "/usr/lib/python2.7/site-packages/pkg_resources/init .py", line 3126, in
@_call_aside
File "/usr/lib/python2.7/site-packages/pkg_resources/init .py", line 3110, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/pkg_resources/init .py", line 3139, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python2.7/site-packages/pkg_resources/init .py", line 583, in _build_master
return cls._build_from_requirements(requires )
File "/usr/lib/python2.7/site-packages/pkg_resources/init .py", line 596, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python2.7/site-packages/pkg_resources/init .py", line 789, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (idna 2.8 (/usr/lib/python2.7/site-packages), Requirement.parse('idna<2.8,>=2.5'), set(['requests']))
[centos@ ~]$ rpm -qa | grep certbot
python2-certbot-0.27.1-1.el7.noarch
certbot-0.27.1-1.el7.noarch
[centos@ ~]$
I will try auto-certbot, see if this would help.
Seems that it is an issue with requests 2.20.1, when I upgraded requests version, it downgraded idna from 2.8 to 2.7. With idna==2.7, the issue still didn’t get fixed.
sudo pip install 'idna>=2.1'
Collecting idna>=2.1
Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
requests 2.20.1 has requirement idna<2.8,>=2.5, but you'll have idna 2.8 which is incompatible.
I’m ran into the same issue with MacPorts, when testing the update to certbot 0.29.1.
https://trac.macports.org/ticket/57747
The issue is with requests, setup.py:
`requires = [
‘chardet>=3.0.2,<3.1.0’,
‘idna>=2.5,<2.8’,
‘urllib3>=1.21.1,<1.25’,
‘certifi>=2017.4.17’
]`
On my system, things again work when I reactivate idna 2.7.
I hesitate to change the requirements of requests 2.20.1.
Hi Marius,
Thanks, I will wait for the patch to be released. If it’s going to take longer I’ll do what you said about py-idna.
Regards,
danb35
December 8, 2018, 8:21pm
9
You could use one of the many alternative clients. certbot, whatever its virtues, has tons of dependencies, while clients like dehydrated or acme.sh have much fewer. You’ll be responsible for making the appropriate configuration settings for whatever server software you’re using, though.
1 Like
system
Closed
January 7, 2019, 8:21pm
10
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.