Certbot Delete used with | and grep deletes all SSLs

And yes, I re-read the log lines and yeah, it defaulted the entry to TRUE as a fallback for the prompt.

2023-12-05 15:40:34,668:WARNING:certbot._internal.display.obj:Skipped user interaction because Certbot doesn't appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.
2023-12-05 15:40:34,669:DEBUG:certbot._internal.display.obj:Falling back to default True for the prompt:
The following certificate(s) are selected for deletion:

This seems very bad IMO because if you can't validate an input it should be false, not true, especially in the case of a delete function.

And they were deleted?

2 Likes

I agree with you there. Even if you hadn't hidden the warning lines with that grep I would like to see needing to type something like Y or whatever to confirm bulk delete.

2 Likes

Yup, the grepped SSL was deleted, along with all other SSLs :S

1 Like

Yeah, I would expect it to give some sort of warning or at the very least default to False, as it has no way of knowing what the intended option would be.

It did give a warning but your grep hid that. I just agree that more confirmation would be prudent for a bulk action like that.

Another complicating factor is the warning about not running in a terminal. I don't know why it would have said that, but I think that contributed to whatever happened here. Usually you only see that when running as a cron job or as a background task, not interactively on a command prompt.

2 Likes

Agreed.

Lesson learned. I shared my experience with you guys so you don't do what I did, and submitted a bug report. Hopefully some improvements come from this, but otherwise I'm just never using grep with certbot delete ever again lol

3 Likes

Wow!
Even if the screen went blank and you hit enter a few times.
The defaults should NEVER be "delete" and "Y".

3 Likes

Well, I guess that's a little bit "by design", sort of.

I've implemented this notification/question in Certbot. Before that, there was NO question asked AT ALL: if you ran certbot delete it would simply delete all certs without questions asked.

Thus, adding a question was already a HUGE improvement.

However, in this design, no difference between with or without --cert-name has been made. Perhaps it was a little bit of a "quick fix"; maybe not much thought went into it. But for certbot delete --cert-name the default of "yes" makes sense if you'd like to run those things with the --non-interactive flag.

While I think piping the output to grep and expecting correct behaviour of Certbot is not something you could expect, I agree that it's not expected behaviour to delete everything when using certbot delete without --cert-name in combination with a situation where the terminal seems to be non-interactive. So personally I'd like an addition to the code to make the default option of the question dependent on --cert-name, with or without a dependency on the explicit --non-interactive option or the implicit detection of a non-interactive terminal such as when piping the output.

6 Likes
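The safer pattern implied by the --cert-name discussion above is to grep the output of certbot certificates, never the output of certbot delete, and only build an explicit certbot delete --cert-name command when exactly one name matches. This is an added helper script, not code from Certbot or from anyone in this thread; the certificate listing it parses is a constructed sample in the same layout as certbot certificates output.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (not real data).
SAMPLE_CERTS='Found the following certs:
  Certificate Name: test.example.com
    Domains: test.example.com
    Expiry Date: 2024-03-01 00:00:00+00:00 (VALID: 85 days)
    Certificate Path: /etc/letsencrypt/live/test.example.com/fullchain.pem
  Certificate Name: www.example.com
    Domains: www.example.com example.com
    Expiry Date: 2024-02-20 00:00:00+00:00 (VALID: 75 days)
    Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem'

# Read a `certbot certificates` listing on stdin and print only the
# certificate names (lineage names) matching the awk regex in $1.
cert_names_matching() {
  awk -v pat="$1" '$1 == "Certificate" && $2 == "Name:" && $3 ~ pat { print $3 }'
}

# Read the listing on stdin; print an explicit single-certificate delete
# command only when exactly one name matches $1. Zero or several matches
# fail loudly instead of falling through to a bulk `certbot delete`.
safe_delete_command() {
  pattern="$1"
  names=$(cert_names_matching "$pattern")
  count=$(printf '%s\n' "$names" | awk 'NF { n++ } END { print n + 0 }')
  case "$count" in
    1) printf 'certbot delete --cert-name %s\n' "$names" ;;
    0) echo "no certificate name matches '$pattern'" >&2; return 1 ;;
    *) echo "$count certificate names match '$pattern'; refusing to delete" >&2; return 1 ;;
  esac
}

# Demo against the constructed listing. On a real host you would run
#   sudo certbot certificates | safe_delete_command 'test'
# and then execute the printed command after checking the name.
printf '%s\n' "$SAMPLE_CERTS" | safe_delete_command 'test'
```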

That's a funny thing ... I don't get the same "Skipped User Interaction ..." message just by adding a pipe to grep.

I am on a vanilla Ubuntu 22 and no custom cli.ini or such with Certbot. What else could have caused that?

sudo certbot delete | grep "test"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
2: test.x.x
^CExiting due to user request.

A Ctrl-C was needed to cancel the bulk delete. Which I think we all agree isn't the best :slight_smile:

2 Likes

That indeed is interesting, as I tried the command on 2 other systems using default cli.ini files and both had the same results.

Your result is what I remember happening, as I recall doing this before without any issues.

What version of certbot are you using?

This one from snap ...

Is this to say your other system had something relevant in cli.ini?

2 Likes

I'm not sure. I just double-checked and see the cli.ini file isn't there on one server and is present on another, only setting max-log-backups.

All other options are using the defaults.

Are you doing anything different in your cli.ini?

I don't have a cli.ini (that is the default)

2 Likes

Well, that's weird. The only real difference then is I'm on U20.04.

That's unlikely to be the key difference :slight_smile: I just wanted to make sure Osiris saw that it wasn't just the pipe that did that. I know he normally runs Gentoo rather than Ubuntu.

It's best now to leave it to the Certbot devs at the github or people like @Osiris who contribute to it. They can read the Python code and see exactly how that happens.

2 Likes

How did you install Certbot @sspaulding?

2 Likes

I ran sudo snap install --classic certbot

I also had to run sudo snap set certbot trust-plugin-with-root=ok, and for some of our integrations we use the DNS challenge, so I had to install that plugin: sudo snap install certbot-dns-dnsmadeeasy

Hm, I also don't seem to be able to reproduce what you got. This is the only contents of the letsencrypt.log:

2023-12-06 17:37:46,561:DEBUG:certbot._internal.main:certbot version: 2.8.0
2023-12-06 17:37:46,561:DEBUG:certbot._internal.main:Location of certbot entry point: /tmp/certbottest/bin/certbot
2023-12-06 17:37:46,561:DEBUG:certbot._internal.main:Arguments: ['--config-dir', '.', '--work-dir', '.', '--logs-dir', '.', '--server', 'https://localhost:14000/dir', '--register-unsafely-without-email', '--no-verify-ssl']
2023-12-06 17:37:46,561:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-12-06 17:37:46,570:DEBUG:certbot._internal.log:Root logging level set at 30
2023-12-06 17:37:51,809:ERROR:certbot._internal.log:Exiting due to user request.

(Note that this is from a test environment in a venv, but I don't think it should matter as Mike also used snap to install Certbot and also wasn't able to reproduce the issue. I also had to manually remove --non-interactive from the certbot_call.py file which is calling Certbot)

Can you perhaps share your entire log file from when Certbot deleted everything?

2 Likes

On my personal server, which was doing the same thing yesterday, it's no longer doing it today.

If I press ctrl+c, it cancels correctly, yesterday I got the non-interactive error.

If I press enter, it deletes everything.

I'll have to try and recreate it to get you accurate logs, as I'm not able to reproduce the exact same behaviour as yesterday.

2 Likes