diff --git a/src/rust/src/error.rs b/src/rust/src/error.rs
index 62b1ff4a6daa..380531c65509 100644
--- a/src/rust/src/error.rs
+++ b/src/rust/src/error.rs
@@ -2,6 +2,7 @@
 // 2.0, and the BSD License. See the LICENSE file in the root of this repository
 // for complete details.
 
+use pyo3::prelude::PyListMethods;
 use pyo3::ToPyObject;
 
 use crate::exceptions;
@@ -32,8 +33,8 @@ impl From<pyo3::PyErr> for CryptographyError {
     }
 }
 
-impl From<pyo3::PyDowncastError<'_>> for CryptographyError {
-    fn from(e: pyo3::PyDowncastError<'_>) -> CryptographyError {
+impl From<pyo3::DowncastError<'_, '_>> for CryptographyError {
+    fn from(e: pyo3::DowncastError<'_, '_>) -> CryptographyError {
         CryptographyError::Py(e.into())
     }
 }
@@ -83,12 +84,12 @@ impl From<cryptography_key_parsing::KeyParsingError> for CryptographyError {
 pub(crate) fn list_from_openssl_error(
     py: pyo3::Python<'_>,
     error_stack: openssl::error::ErrorStack,
-) -> &pyo3::types::PyList {
-    let errors = pyo3::types::PyList::empty(py);
+) -> pyo3::Bound<'_, pyo3::types::PyList> {
+    let errors = pyo3::types::PyList::empty_bound(py);
     for e in error_stack.errors() {
         errors
             .append(
-                pyo3::PyCell::new(py, OpenSSLError { e: e.clone() })
+                pyo3::Bound::new(py, OpenSSLError { e: e.clone() })
                     .expect("Failed to create OpenSSLError"),
             )
             .expect("Failed to append to list");
@@ -186,10 +187,12 @@ impl OpenSSLError {
 }
 
 #[pyo3::prelude::pyfunction]
-pub(crate) fn capture_error_stack(py: pyo3::Python<'_>) -> pyo3::PyResult<&pyo3::types::PyList> {
-    let errs = pyo3::types::PyList::empty(py);
+pub(crate) fn capture_error_stack(
+    py: pyo3::Python<'_>,
+) -> pyo3::PyResult<pyo3::Bound<'_, pyo3::types::PyList>> {
+    let errs = pyo3::types::PyList::empty_bound(py);
     for e in openssl::error::ErrorStack::get().errors() {
-        errs.append(pyo3::PyCell::new(py, OpenSSLError { e: e.clone() })?)?;
+        errs.append(pyo3::Bound::new(py, OpenSSLError { e: e.clone() })?)?;
     }
     Ok(errs)
 }
@@ -210,8 +213,7 @@ mod tests {
             let py_e: pyo3::PyErr = e.into();
             assert!(py_e.is_instance_of::<pyo3::exceptions::PyMemoryError>(py));
 
-            let e: CryptographyError =
-                pyo3::PyDowncastError::new(py.None().as_ref(py), "abc").into();
+            let e: CryptographyError = pyo3::DowncastError::new(py.None().bind(py), "abc").into();
             assert!(matches!(e, CryptographyError::Py(_)));
 
             let e = cryptography_key_parsing::KeyParsingError::OpenSSL(
diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
index 54cf0d555e3a..eede1e5c0ab9 100644
--- a/src/rust/src/x509/extensions.rs
+++ b/src/rust/src/x509/extensions.rs
@@ -8,6 +8,7 @@ use crate::asn1::{py_oid_to_oid, py_uint_to_big_endian_bytes};
 use crate::error::{CryptographyError, CryptographyResult};
 use crate::x509::{certificate, sct};
 use crate::{types, x509};
+use pyo3::prelude::PyAnyMethods;
 use pyo3::PyNativeType;
 
 fn encode_general_subtrees<'a>(
@@ -375,16 +376,16 @@ fn encode_tls_features(py: pyo3::Python<'_>, ext: &pyo3::PyAny) -> CryptographyR
 fn encode_scts(ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
     let mut length = 0;
     for sct in ext.iter()? {
-        let sct = sct?.downcast::<pyo3::PyCell<sct::Sct>>()?;
-        length += sct.borrow().sct_data.len() + 2;
+        let sct = sct?.as_borrowed().downcast::<sct::Sct>()?.clone();
+        length += sct.get().sct_data.len() + 2;
     }
 
     let mut result = vec![];
     result.extend_from_slice(&(length as u16).to_be_bytes());
     for sct in ext.iter()? {
-        let sct = sct?.downcast::<pyo3::PyCell<sct::Sct>>()?;
-        result.extend_from_slice(&(sct.borrow().sct_data.len() as u16).to_be_bytes());
-        result.extend_from_slice(&sct.borrow().sct_data);
+        let sct = sct?.as_borrowed().downcast::<sct::Sct>()?.clone();
+        result.extend_from_slice(&(sct.get().sct_data.len() as u16).to_be_bytes());
+        result.extend_from_slice(&sct.get().sct_data);
     }
     Ok(asn1::write_single(&result.as_slice())?)
 }
@@ -444,7 +445,9 @@ pub(crate) fn encode_extension(
         &oid::INHIBIT_ANY_POLICY_OID => {
             let intval = ext
                 .getattr(pyo3::intern!(py, "skip_certs"))?
-                .downcast::<pyo3::types::PyLong>()?;
+                .as_borrowed()
+                .downcast::<pyo3::types::PyLong>()?
+                .clone();
             let bytes = py_uint_to_big_endian_bytes(ext.py(), intval.as_borrowed().to_owned())?;
             Ok(Some(asn1::write_single(
                 &asn1::BigUint::new(bytes).unwrap(),
@@ -491,7 +494,9 @@ pub(crate) fn encode_extension(
         &oid::CRL_NUMBER_OID | &oid::DELTA_CRL_INDICATOR_OID => {
             let intval = ext
                 .getattr(pyo3::intern!(py, "crl_number"))?
-                .downcast::<pyo3::types::PyLong>()?;
+                .as_borrowed()
+                .downcast::<pyo3::types::PyLong>()?
+                .clone();
             let bytes = py_uint_to_big_endian_bytes(ext.py(), intval.as_borrowed().to_owned())?;
             Ok(Some(asn1::write_single(
                 &asn1::BigUint::new(bytes).unwrap(),