certbot ImportError: cannot import name constants解决方案
## 前因
今天ssl证书要到期,登录服务器准备用certbot更新一下,结果执行certbot指令的时候报了下面的错:
```shell
[root@VM-0-12-centos /]# certbot --version
An unexpected error occurred:
ImportError: cannot import name constants
```
按照提示查看 `/tmp/tmpLYYslI/log`,错误信息如下:
```shell
2021-09-10 10:06:38,511:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1383, in main
plugins = plugins_disco.PluginsRegistry.find_all()
File "/usr/lib/python2.7/site-packages/certbot/_internal/plugins/disco.py", line 236, in find_all
plugin_ep = cls._load_entry_point(entry_point, plugins, with_prefix=False)
File "/usr/lib/python2.7/site-packages/certbot/_internal/plugins/disco.py", line 254, in _load_entry_point
plugin_ep = PluginEntryPoint(entry_point, with_prefix)
File "/usr/lib/python2.7/site-packages/certbot/_internal/plugins/disco.py", line 56, in __init__
self.plugin_cls = entry_point.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2405, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2411, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 16, in <module>
from certbot import constants as core_constants
ImportError: cannot import name constants
```
从错误信息中可以看到是最后一行 `certbot_nginx` 报的错
## 解决方案
首先我们执行下面的指令查看一下certbot的版本
```shell
[root@VM-0-12-centos /]# rpm -qa|grep certbot
certbot-1.11.0-1.el7.noarch
python2-certbot-1.11.0-1.el7.noarch
```
可以看到只有`certbot` 和 `python2-certbot` 两个插件,并没有`certbot-nginx`这个插件,我们是在`nginx`环境上安装证书,所以还需要 `python2-certbot-nginx` 插件,通过以下指令安装:
```shell
yum install python2-certbot-nginx
```
安装完成后再执行certbot就不会报错了。
## 更新证书
我们先执行 `certbot --nginx` ,然后根据提示输入自己的网站域名,结果发现报如下错:
```shell
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
```
这是因为我们的服务器不支持这种dns认证方式,我们换一种方式:
```shell
certbot certonly --preferred-challenges dns --manual -d *.xuweijin.com --server https://acme-v02.api.letsencrypt.org/directory
```
执行后,它会让我们去域名后台添加一条txt认证记录,添加完成后直接回车,可以看到新的ssl证书已经生成了。
```shell
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
```
之后我们重启nginx,新的证书就生效了。