If we can, depending on the details of the issue and the timing of the next cryptography release, we should try repin cryptography before releasing Certbot 1.32.0.

https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

Our snaps are running cryptography 38.0.1 wheels with OpenSSL 3.0.5.