Your system is not supported by certbot-auto anymore


We've been using letsencrypt/certbot for a while now but recently i've upgraded our server to a newer AMI and tried installing certbot again. it seems to be throwing the errors below. I have tried installing snap and after running this command: sudo snap install --classic certbot
it spits out this error which I cannot find a solution for:
error: system does not fully support snapd: cannot mount squashfs image using
"squashfs": mount: unknown filesystem type 'squashfs'

Any assistance would be greatly appreciated. Let me know if you need further info.

My domain is: *

I ran this command: ./certbot-auto

It produced this output:

Skipping bootstrap because certbot-auto is deprecated on this system.
./certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Please visit to check for other alternatives.

My web server is (include version):

The operating system my web server runs on is (include version): Red Hat Enterprise Linux Server release 7.9 (Maipo)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): n/a

1 Like

If your kernel doesn't have squashfs enabled, you might still be able to install Certbot from EPEL. It has a reasonable up-to-date version of Certbot.

  1. Install EPEL for Red Hat 7.
  2. Install python2-certbot-nginx or python2-certbot-apache or whatever you need.
1 Like

Was able to install EPEL
and do a yum install certbot

Currently getting this error. the current version of pyOpenSSL is 0.13.1 and it won't upgrade further.

Any suggestions on how to bypass this?

[root@ip-10-162-30-243 opt]# certbot
Traceback (most recent call last):
File "/bin/certbot", line 9, in
load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources/", line 572, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/", line 2769, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/", line 2422, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/", line 2428, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/lib/python2.7/site-packages/certbot/", line 2, in
from certbot._internal import main as internal_main
File "/usr/lib/python2.7/site-packages/certbot/_internal/", line 21, in
from certbot._internal import account
File "/usr/lib/python2.7/site-packages/certbot/_internal/", line 17, in
from acme.client import ClientBase # pylint: disable=unused-import
File "/usr/lib/python2.7/site-packages/acme/", line 39, in
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
File "/root/.local/lib/python2.7/site-packages/urllib3/contrib/", line 122, in inject_into_urllib3
File "/root/.local/lib/python2.7/site-packages/urllib3/contrib/", line 164, in _validate_dependencies_met
"'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.

1 Like

Ah I think that's because of the user site-packages Python packages installed via your root user:

That creates a version conlict. That's unfortunate.

The whole point in snaps is to avoid this kind of issue but it seems you have some custom kernel image without a required feature.

I suspect that if you run Certbot like this it will work:

PYTHONNOUSERSITE=false certbot --version

Of course, that's only a half-measure and not really a full solution.

I'm not sure what the best solution for you is, honestly. I'd probably get rid of the root user's site-packages ... but I'm not sure why you have them to begin with, so I wouldn't advise you to blindly follow that advice.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.