Ubuntu 20.04 AttributeError: module 'acme.challenges' has no attribute 'TLSSNI01'

[Pequito]

My operating system is (include version):

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

Certbot

• sudo apt install -y certbot
• sudo apt install -y python3-certbot-nginx

I ran this command and it produced this output:

sudo certbot

Certbot's behavior differed from what I expected because:

Newer OS server and believe not completely ready

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

2020-04-25 01:25:07,145:DEBUG:urllib3.connectionpool:https://acme-v02.api.letse>
2020-04-25 01:25:07,146:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 25 Apr 2020 01:25:05 GMT
Content-Type: application/json
Content-Length: 797
Connection: keep-alive
Boulder-Requester: 84386859
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001vLE1npPpRv6CrnqfpVlL8VGaAtZa7HUp8ppzNBnDMPo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "isme.twinklebbs.xyz"
},
"status": "pending",
"expires": "2020-05-02T00:43:32Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4162688563/ZQs>
"token": "_iKdhhYmc0P5WaoKgKU1xQDQmHlejx0zMRV_eY0HzUE"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4162688563/dtD>
"token": "_iKdhhYmc0P5WaoKgKU1xQDQmHlejx0zMRV_eY0HzUE"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4162688563/nnp>
"token": "iKdhhYmc0P5WaoKgKU1xQDQmHlejx0zMRV_eY0HzUE"
}
]
}
2020-04-25 01:25:07,146:DEBUG:acme.client:Storing nonce: 0001vLE1npPpRv6CrnqfpV>
2020-04-25 01:25:07,147:INFO:certbot.auth_handler:Performing the following chal>
2020-04-25 01:25:07,147:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1132, in run
new_lineage = get_and_save_cert(le_client, config, domains,
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in get_and>
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain>
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain>
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_sub>
File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_or>
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 62, in ha>
achalls = self._choose_challenges(authzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 206, in _>
self._get_chall_pref(authzr.body.identifier.value),
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 221, in _>
plugin_pref = self.auth.get_chall_pref(domain)
File "/usr/lib/python3/dist-packages/certbot_nginx/configurator.py", line 111>
return [challenges.HTTP01, challenges.TLSSNI01]
AttributeError: module 'acme.challenges' has no attribute 'TLSSNI01'
2020-04-25 01:25:07,151:ERROR:certbot.log:An unexpected error occurred:

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

Performing the following challenges:
An unexpected error occurred:
AttributeError: module 'acme.challenges' has no attribute 'TLSSNI01'
Please see the logfiles in /var/log/letsencrypt for more details.

This ran without any hitch before

server {
listen 80;
listen [::]:80;

root /var/www/isme;

index index.php;
server_name isme.twinklebbs.xyz;

location / {
autoindex on;
try_files $uri $uri/ =404;
}

location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}

location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}

location ~ /.ht {
deny all;
}
}

[vinyll]

The current source work on Ubuntu Focal 20.04. It's pretty easy to run and you can later remove it to run from the binary again:

git clone https://github.com/certbot/certbot
cd certbot
python tools/venv3.py

You can then run that copy of certbot from that source. Example with nginx plugin:

sudo /home/ubuntu/certbot/venv3/bin/certbot --nginx

[Pequito]

Thank you Vinyll this did work! Can use this for now until it has been released into Ubuntu.

[bmw]

Thanks for reporting this!

So far I've been talking to myself about the issue on Launchpad at https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471, but I've been talking to Debian/Ubuntu developers about the problems through other channels and it'll hopefully be fixed soon.

[guillaumebriday]

Hey, any updates on this issue ?

thank you guys !

[bmw]

The issue is largely out of our hands now. We're answering the questions of Ubuntu Developers who are working on it, but they're the only ones who are able to make changes to Ubuntu's official repos. In my experience, it'll be days if not weeks before this is fixed.

For updates, follow my launchpad bug above which again is https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471.

[vinyll]

I made a one-liner script to easily install Certbot: https://github.com/vinyll/certbot-install#how-to-install
This installs the latest version and creates a shortcut.

There's also a one-liner to uninstall.

[aburakovskiy]

It works well, thank you @vinyll

[dysonsphere-startmail]

Thank you! Running from source worked like a charm.

[ivangayton]

Thanks @vinyll, elegant and helpful.

[prkumble]

@vinyll Thanks a ton! it worked like a charm.

[WaelSan]

For a very fragile workaround, you can edit /usr/lib/python3/dist-packages/certbot_nginx/configurator.py and replace return [challenges.HTTP01, challenges.TLSSNI01] with return [challenges.HTTP01]

source :
https://serverfault.com/questions/1001749/certbot-error-no-attribute-tlssni01-cert-revoke-status-code-400

This works for me

[bmw]

A new package fixing this problem has been uploaded to the focal-proposed repository. If you'd like to help us and Ubuntu test it, you can follow the instructions at https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471/comments/24.

[franco-martin]

@vinyll thanks!

[iiiyu]

@vinyll thanks! +1

[bmw]

A new version of the python3-certbot-nginx package fixing this problem was pushed to the Focal repositories this morning.