Description of problem: Am finally being forced to update the certs, noticed that letsencrypt has been removed on all my systems. Re-install attempt provides the above message. Rooting around the web, noticed that a previous version required python2-acme-0.4.0. Is there some hard dependency on a version? Would this be fixable with a '>=' in the rpm build? # dnf install letsencrypt Last metadata expiration check: 1:28:33 ago on Thu Jun 2 11:27:27 2016. Error: nothing provides python2-acme = 0.5.0 needed by python2-letsencrypt-0.5.0-1.fc23.noarch (try to add '--allowerasing' to command line to replace conflicting packages) --allowerasing did not change anything.
There's a hard dependency by design upstream. The version of acme needs to match. Please note that letsencrypt has been obsoleted by certbot and a general dnf upgrade should pull in certbot 0.6.0 along with acme 0.6.0, and 0.7.0 of each are in the testing repositories. Here's the F23 bodhi update: https://bodhi.fedoraproject.org/updates/certbot-0.6.0-2.fc23%20python-acme-0.6.0-1.fc23
Hmm actually on a quick test in a clean F23 VM ... [root@f23template ~]# dnf install letsencrypt Fedora 23 - x86_64 - Updates 2.9 MB/s | 22 MB 00:07 Fedora 23 - x86_64 3.4 MB/s | 43 MB 00:12 Last metadata expiration check: 0:00:21 ago on Thu Jun 2 19:45:03 2016. Error: nothing provides python2-acme = 0.5.0 needed by python2-letsencrypt-0.5.0-1.fc23.noarch (try to add '--allowerasing' to command line to replace conflicting packages) [root@f23template ~]# [root@f23template ~]# dnf provides letsencrypt #Last metadata expiration check: 0:03:16 ago on Thu Jun 2 19:45:03 2016. certbot-0.6.0-2.fc23.noarch : A free, automated certificate authority client Repo : updates letsencrypt-0.5.0-1.fc23.noarch : A free, automated certificate authority client Repo : updates _____________________________________ Looks like dnf is being a bit odd with the provider resolution ... I guess because letsencrypt matches specifically? Well if rpm -q letsencrypt shows it installed on your system a dnf update will switch you to certbot, if it's not then dnf install certbot is what you need.
Final note on this ... on F24 it behaves as expected as letsencrypt doesn't exist in that repo: sudo dnf install letsencrypt [sudo] password for james: firmware for qemu, built by jenkins, fresh from 34 kB/s | 13 kB 00:00 Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: certbot noarch 0.7.0-1.fc24 updates-testing 20 k dialog x86_64 1.3-3.20160209.fc24 fedora 227 k python-parsedatetime noarch 1.5-3.fc24 fedora 65 k python-zope-component noarch 4.2.2-3.fc24 fedora 117 k python-zope-event noarch 4.2.0-1.fc24 fedora 178 k python-zope-interface x86_64 4.1.3-4.fc24 fedora 145 k python2-acme noarch 0.7.0-1.fc24 updates-testing 165 k python2-certbot noarch 0.7.0-1.fc24 updates-testing 343 k python2-configargparse noarch 0.10.0-2.fc24 fedora 32 k python2-configobj noarch 5.0.6-4.fc24 fedora 66 k python2-dialog noarch 3.3.0-8.fc24 fedora 99 k python2-funcsigs noarch 0.4-3.fc24 fedora 30 k python2-mock noarch 1.3.0-1.fc24 fedora 128 k python2-ndg_httpsclient noarch 0.4.0-3.fc24 fedora 51 k python2-pbr noarch 1.8.1-4.fc24 fedora 258 k python2-pyrfc3339 noarch 1.0-3.fc24 fedora 18 k Transaction Summary ================================================================================ Install 16 Packages Total download size: 1.9 M Installed size: 7.5 M Is this ok [y/N]: n And the obsolete and provides is present on certbot properly in F23 ... [root@f23template ~]# dnf repoquery --obsoletes certbot Last metadata expiration check: 0:06:41 ago on Thu Jun 2 19:45:03 2016. letsencrypt < 0.6.0 [root@f23template ~]# dnf repoquery --provides certbot Last metadata expiration check: 0:08:56 ago on Thu Jun 2 19:45:03 2016. certbot = 0.6.0-2.fc23 letsencrypt = 0.6.0-2.fc23
*Really* final word this time .. you got bit by this: bz#1096506 I'll open a rel-eng ticket to remove the old letsencrypt package entirely from the F23 repos to prevent this happening.
Ah, ok. Missed the cerbot part. Thanks for the quick response.
(In reply to Doug Maxey from comment #5) > Ah, ok. Missed the cerbot part. > > Thanks for the quick response. To expand a bit, apparently cerbot has been installed, replacing letsencrypt, but I failed to notice the change.
Well at least the obsoletes did the right thing there! There should be a symlink so the letsencrypt command still works... but the actual command now is certbot (all arguments otherwise the same).