It might depend on what shell you're using.
Interactive/noninteractive detection doesn't always work right. And it might not be fixable.
Still, it should not delete all certs by default if it detects a non-interactive shell. That said, Certbot also doesn't do that. If I run certbot delete with --non-interactive, it errors out:
Missing command line flag or config entry for this setting:
Which certificate(s) would you like to delete?
example.com?
(You can set this with the --cert-name flag)
So it seems without a --cert-name, Certbot wouldn't even get to the whole yes/no delete stuff question: it would already error out.
Not sure how that would work if the non-interactive part was detected instead of manually entered on the command line with the --non-interactive option.
Hmm, using echo "" | certbot .. it looks like something doesn't go alright:
2023-12-06 18:53:39,694:WARNING:certbot._internal.display.obj:Skipped user interaction because Certbot doesn't appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.
2023-12-06 18:53:39,694:DEBUG:certbot._internal.display.obj:Falling back to default True for the prompt:
The following certificate(s) are selected for deletion:
* example.com
WARNING: Before continuing, ensure that the listed certificates are not being used by any installed server software (e.g. Apache, nginx, mail servers). Deleting a certificate that is still being used will cause the server software to stop working. See https://certbot.org/deleting-certs for information on deleting certificates safely.
Are you sure you want to delete the above certificate(s)?
2023-12-06 18:53:39,695:INFO:certbot._internal.storage:Removed /tmp/certbottest/renewal/example.com.conf
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/cert.pem
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/privkey.pem
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/chain.pem
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/fullchain.pem
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/README
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/archive/example.com
2023-12-06 18:53:39,695:DEBUG:certbot._internal.display.obj:Notifying user: Deleted all files relating to certificate example.com.
I guess echo-ing "" results in selecting all the certificates in the first question.
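As an added example (not from this thread and not Certbot's own code): a shell guard for scripted deletions that always passes an explicit --cert-name with --non-interactive and closes stdin, so a piped empty line can never answer the selection prompt. The names safe_certbot_delete, CERTBOT_BIN and CERTBOT_CONFIG_DIR are hypothetical, and the renewal/NAME.conf check assumes the directory layout visible in the log above.

```shell
#!/bin/sh
# Added example: guard around `certbot delete` for scripts and pipelines.
# CERTBOT_BIN and CERTBOT_CONFIG_DIR are hypothetical variables of this
# wrapper, not Certbot settings.
CERTBOT_BIN="${CERTBOT_BIN:-certbot}"
CERTBOT_CONFIG_DIR="${CERTBOT_CONFIG_DIR:-/etc/letsencrypt}"

safe_certbot_delete() {
    name="$1"

    # Require exactly one explicit, non-empty certificate name, so the
    # "which certificate(s)" selection prompt is never reached.
    if [ "$#" -ne 1 ] || [ -z "$name" ]; then
        echo "usage: safe_certbot_delete CERT_NAME" >&2
        return 2
    fi

    # Accept only a plain lineage name: no leading dash (would be parsed
    # as an option), no path separators, no shell metacharacters.
    case "$name" in
        -*|*/*|*[!A-Za-z0-9._-]*)
            echo "refusing suspicious certificate name: $name" >&2
            return 2
            ;;
    esac

    # The lineage must exist before anything is handed to Certbot.
    if [ ! -f "$CERTBOT_CONFIG_DIR/renewal/$name.conf" ]; then
        echo "no such certificate lineage: $name" >&2
        return 1
    fi

    # --non-interactive makes the mode explicit instead of detected, and
    # </dev/null stops any upstream pipe from feeding answers to prompts.
    "$CERTBOT_BIN" delete --non-interactive \
        --config-dir "$CERTBOT_CONFIG_DIR" \
        --cert-name "$name" </dev/null
}
```
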
I just wanted to note that: complicating all the above comments even more, the behavior of grep in situations like this is likely to change across operating systems, shells, and even versions.
I really misinterpreted @sspaulding's comments and position, until reading it and posting a long reply about how "there is no bug". This would be a huge bug if it's repeatable. Piping the output of a command into grep to filter and find the correct line/action is incredibly common in Linux/BSD systems, and one would expect Certbot's command line usage to be compatible with this - especially since certbot delete presents a list that must be read to find the id/line-number to invoke.
The output of certbot delete seems to be alphabetized though, which would create problems with potential race conditions across multiple invocations...