Upcoming pyOpenSSL deprecation will impact older (<4.0) Certbot versions

Hey folks,

This is a heads up that an upcoming version of pyOpenSSL is removing X509Extensions (see pyca/pyopenssl Pull Request #1376, "Remove X509Extension, which has been deprecated for a year"), which Certbot used prior to Certbot 4.0. For some older Certbot clients installed via pip, this may cause breakages due to unpinned transitive pyOpenSSL versions.

If you install Certbot via pip and are pinned to a version older than 4.0, you can address this by either upgrading to Certbot 4.0 (recommended) OR by also pinning pyOpenSSL.

If you install Certbot via snap or a distro-managed package, this will not affect you.

Happy to answer any questions.

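A way to check whether a given pip environment is exposed to the breakage described in the post above. This is an added example, not part of the original post and not Certbot project code; the function names `assess` and `probe_environment` and the status strings are hypothetical. Run it with the same Python interpreter (virtualenv) that Certbot is installed in.

```python
"""Report whether a pip-installed Certbot depends on pyOpenSSL's X509Extension."""
import importlib
import warnings
from importlib import metadata


def assess(certbot_version, has_x509extension):
    """Classify an environment from the two facts the announcement turns on.

    certbot_version: installed Certbot version string, or None if not installed.
    has_x509extension: True/False for OpenSSL.crypto.X509Extension being present,
                       or None if pyOpenSSL could not be imported.
    """
    if certbot_version is None:
        return "not-applicable"          # no pip-installed Certbot in this env
    if int(certbot_version.split(".", 1)[0]) >= 4:
        return "ok"                      # Certbot 4.0+ no longer uses the class
    if has_x509extension is None:
        return "unknown"                 # pyOpenSSL missing or not importable
    if has_x509extension:
        return "at-risk"                 # works today; an unpinned upgrade breaks it
    return "broken"                      # class already removed from pyOpenSSL


def probe_environment():
    """Collect (certbot_version, has_x509extension) from the running interpreter."""
    try:
        certbot_version = metadata.version("certbot")
    except metadata.PackageNotFoundError:
        certbot_version = None
    try:
        crypto = importlib.import_module("OpenSSL.crypto")
    except ImportError:
        return certbot_version, None
    with warnings.catch_warnings():
        # Versions that still ship the class may flag it as deprecated.
        warnings.simplefilter("ignore")
        return certbot_version, hasattr(crypto, "X509Extension")


if __name__ == "__main__":
    version, has_ext = probe_environment()
    print(f"certbot={version} X509Extension present={has_ext} "
          f"status={assess(version, has_ext)}")
```

A status of `at-risk` or `broken` corresponds to the two remedies in the post: upgrade to Certbot 4.0, or pin pyOpenSSL alongside the pinned Certbot.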