# certbot 0.13 issue with argparse module



## tsarya (Apr 30, 2017)

Hi,

I've just updated certbot from 0.12 to 0.13 (py27-certbot-0.13.0,1) and I got the following issue:
`# certbot renew --dry-run`

```
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3019, in <module>
    @_call_aside
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3003, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3032, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 655, in _build_master
    ws.require(__requires__)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 963, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 849, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'argparse' distribution was not found and is required by certbot
```

Any ideas?


----------



## cpm@ (Apr 30, 2017)

I'll commit this patch to fix the issue.

https://github.com/certbot/certbot/commit/89af460792fcdfb23c7dc4f9fcdec1bfa07a2656


----------



## tsarya (May 1, 2017)

Fixed in py27-certbot-0.13.0_1,1, py27-acme-0.13.0_1,1


----------



## tsarya (May 14, 2017)

Hello again,

just updated to devel/py-configargparse (0.12.0) and certbot is broken again...

`# certbot renew --dry-run`

```
An unexpected error occurred:
AttributeError: 'tuple' object has no attribute 'add'
Please see the logfile 'certbot.log' for more details.
```

certbot.log contains the following:

```
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.13.0', 'console_scripts', 'certbot')()
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 738, in main
    args = cli.prepare_and_parse_args(plugins, cli_args)
  File "/usr/local/lib/python2.7/site-packages/certbot/cli.py", line 1072, in prepare_and_parse_args
    helpful.add_deprecated_argument("--agree-dev-preview", 0)
  File "/usr/local/lib/python2.7/site-packages/certbot/cli.py", line 726, in add_deprecated_argument
    self.parser.add_argument, argument_name, num_args)
  File "/usr/local/lib/python2.7/site-packages/certbot/util.py", line 440, in add_deprecated_argument
    configargparse.ACTION_TYPES_THAT_DONT_NEED_A_VALUE.add(ShowWarning)
AttributeError: 'tuple' object has no attribute 'add'
```


----------



## cpm@ (May 14, 2017)

Yes, this issue is caused by the new ConfigArgParse-0.12.0

Have you tried this fix?

https://github.com/certbot/certbot/commit/7cbbf20b0c5003f9bd500249278034fae889168d


----------



## tsarya (May 15, 2017)

Yes, I applied the patch and it fixes the issue. Thanks!

What bothers me is that certbot gets broken too often.

Does anyone know an easy way to migrate to security/acme-client?

This article shows how to set it up from scratch, the question is if you already have an account and the certificates/private keys fetched with security/py-certbot


----------



## cpm@ (May 19, 2017)

Currently Let's Encrypt is down, so I guess they will respond ASAP 

https://community.letsencrypt.org/t/migrate-from-certbot-to-acme-client/34131


----------



## drhowarddrfine (May 19, 2017)

tsarya said:


> What bothers me is that certbot gets broken too often.


I use certbot for my web clients with little money and have not had any issues whatsoever for the past year or so that we've been using it.


----------



## tsarya (May 20, 2017)

cpm@ said:


> Currently Let's Encrypt is down, so I guess they will respond ASAP
> 
> https://community.letsencrypt.org/t/migrate-from-certbot-to-acme-client/34131



Almost 



drhowarddrfine said:


> I use certbot for my web clients with little money and have not had any issues whatsoever for the past year or so that we've been using it.



certbot works, but due to the tons of dependencies it is 'fragile'. I still use it on several servers, cause this was the first tool I used for Let's Encrypt, reading the guidelines from their website. After having 2 issues within a month timeframe, I started looking of other options and noticed the acme-client in OpenBSD. I saw that it's also available in the ports collection, so I should have done some more reading before rushing into certbot in the first place


----------



## drhowarddrfine (May 20, 2017)

tsarya Tons? I see mostly python stuff which is already installed by other ports plus the same acme port but it also relieves the many problems trying to get letsencrypt running that I had in the past and, as I said, we haven't had any issues with certbot in the year we've been using it.


----------



## tsarya (May 20, 2017)

drhowarddrfine said:


> tsarya Tons? I see mostly python stuff which is already installed by other ports plus the same acme port but it also relieves the many problems trying to get letsencrypt running that I had in the past and, as I said, we haven't had any issues with certbot in the year we've been using it.



Ok, let me clarify, I am looking to switch from certbot to acme-client, and again, I am not judging the software whether it is bad or good, rather I am saying that I had 2 issues within a month. Thanks to cpm@, they got sorted out extremely quickly, which is perfect.
So again, if somebody finds a working solution to convert the keys, please post it here... if not, it won't be the end of the world 

Cheers!


----------



## tsarya (Jan 20, 2018)

I guess I have to reopen this thread as I've updated my ports and py27-certbot-0.20.0,1 gave me this:

```
# certbot renew --dry-run
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3147, in <module>
    @_call_aside
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3131, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3160, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 668, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 681, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 875, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (cryptography 2.0.3 (/usr/local/lib/python2.7/site-packages), Requirement.parse('cryptography>=2.1.4'), set(['PyOpenSSL']))
```

I am using security/libressl instead of OpenSSL from base.

Any help to fix the issue would be greatly appreciated.


----------



## cpm@ (Jan 21, 2018)

You appear to running py-cryptography 2.0.3 and need 2.1.4. That's what your error is telling you.

To solve this issue, you need to update security/py-cryptography to 2.1.4. For more details, see PR 225348 and PR 225354.


----------



## tsarya (Jan 21, 2018)

The ports tree does not have version 2.1.4 as of this post.

On one of my machines certbot is built with FLAVOR=py36 and it does not have this issue.

I still have a month to go for that certificate so I guess it will be fixed by then.

Thanks! 

UPDATE: Updating from py36-openssl-17.3.0 to py36-openssl-17.5.0 breaks certbot!


----------



## cpm@ (Jan 22, 2018)

I currently have an update/review in progress

https://reviews.freebsd.org/D13981

PS. This problem has been fixed after r459657.


----------

