thefinn93 / ansible-letsencrypt

An ansible role to generate TLS certificates and get them signed by Let's Encrypt
GNU General Public License v3.0

Certbot fails to run with wrong idna version #58

Closed ArcolaJasper closed 6 years ago

ArcolaJasper commented 7 years ago

Hi,

Certbot has started failing with:

An unexpected error occurred:", "ContextualVersionConflict: (idna 2.6 (/usr/local/share/letsencrypt/env/lib/python2.7/site-packages), Requirement.parse('idna<2.6,>=2.5'), set(['requests']))

There is a certbot bug open here:

https://github.com/certbot/certbot/issues/5015

They say that installing via pip is not supported and we should use the version from jessie-backports when on Debian jessie.

nbering commented 7 years ago

There's also an active discussion on the Let's Encrypt Community Forum.

I'm encountering the same issue, and it would seem everyone else who installed with pip instead of the apt package is as well.

I found that a workaround for the moment is to let the role fail, then install the right idna version in the virtualenv and run the letsencrypt commands manually. That at least got me a cert for now, but running the role again overrides my manual version fix.

To install the correct version on the target machine:

sudo /usr/local/share/letsencrypt/env/bin/pip install "idna<2.6,>=2.5"

The command it would have run can be copied from the ansible error output.

Once you have a certificate the role won't try to run the command again because the certificate file exists, which will at least help people get through their server setups for today...
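
The version conflict and workaround discussed in the comments above, as an added example (not part of the original comments or the role's code): a small Python parser for the `ContextualVersionConflict` line that reports which installed package violates which pin and rebuilds the virtualenv `pip install` command. The function names and the `<venv>/lib/pythonX.Y/site-packages` layout are assumptions, and only plain dotted release versions are handled.

```python
import re, operator

# Constructed sample: the conflict text quoted in this issue, without Ansible's wrapping.
SAMPLE_ERROR = (
    "ContextualVersionConflict: (idna 2.6 "
    "(/usr/local/share/letsencrypt/env/lib/python2.7/site-packages), "
    "Requirement.parse('idna<2.6,>=2.5'), set(['requests']))"
)
CONFLICT_RE = re.compile(
    r"ContextualVersionConflict: \((?P<name>[\w.-]+) (?P<installed>[\w.]+) "
    r"\((?P<site>[^)]+)\), Requirement\.parse\('(?P<req>[^']+)'\), "
    r"set\(\[(?P<by>[^\]]*)\]\)\)"
)
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

def version_key(version):
    """Comparable tuple for plain dotted releases (2.5, 2.6.0); no rc/dev tags."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # treat 2.6.0 and 2.6 as equal
    return tuple(parts)

def satisfies(version, requirement):
    """True if version meets every clause of e.g. 'idna<2.6,>=2.5'."""
    spec = re.sub(r"^[\w.-]+", "", requirement)  # drop the project name
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = re.match(r"(<=|>=|==|!=|<|>)\s*([\d.]+)$", clause)
        if m is None:
            raise ValueError("unsupported clause: %r" % clause)
        if not OPS[m.group(1)](version_key(version), version_key(m.group(2))):
            return False
    return True

def diagnose(error_text):
    """Parse one conflict line into the facts needed to pin the dependency."""
    m = CONFLICT_RE.search(error_text)
    if m is None:
        return None
    venv = m.group("site").split("/lib/")[0]  # assumed venv layout, see lead-in
    return {
        "package": m.group("name"),
        "installed": m.group("installed"),
        "requirement": m.group("req"),
        "required_by": re.findall(r"'([^']+)'", m.group("by")),
        "satisfied": satisfies(m.group("installed"), m.group("req")),
        "fix": '%s/bin/pip install "%s"' % (venv, m.group("req")),
    }
```

Calling `diagnose(SAMPLE_ERROR)` returns a dict whose `fix` entry is the same pip command given in the comment above, derived from the site-packages path in the error rather than typed by hand.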

ArcolaJasper commented 7 years ago

Partly working now:

https://github.com/ArcolaJasper/ansible-letsencrypt

ArcolaJasper commented 7 years ago

Rough and ready PR:

https://github.com/thefinn93/ansible-letsencrypt/pull/59

thefinn93 commented 6 years ago

Cool! Please fix the merge issues so I can merge it (reviewing further now)

ArcolaJasper commented 6 years ago

Hi,

I've merged it now.

thefinn93 commented 6 years ago

  - name: check for Debian != jessie
    fail:
      msg: "Only the jessie release of Debian is supported at the moment"
    when: ansible_distribution == "Debian" and ansible_distribution_release != "jessie"

Perhaps we could not refuse to run on non-jessie versions of Debian? Jessie isn't even the stable version anymore. Maybe just run the notdebian.yml in that case.

thefinn93 commented 6 years ago

Actually, I'm going to close this and move discussion to the pull request's comment thread (#59)