Certbot Delete used with | and grep deletes all SSL's

It might depend on what shell you're using.

Interactive/noninteractive detection doesn't always work right. And it might not be fixable.

2 Likes

Still, it should not delete all certs by default if it detects a non-interactive shell. That said, Certbot also doesn't do that. If I run certbot delete with --non-interactive, it errors out:

Missing command line flag or config entry for this setting:
Which certificate(s) would you like to delete?
example.com?

(You can set this with the --cert-name flag)

So it seems without a --cert-name, Certbot wouldn't even get to the whole yes/no delete stuff question: it would already error out.

Not sure how that would work if the non-interactive part was detected instead of manually entered on the command line with the --non-interactive option.

Hmm, using echo "" | certbot .. it looks like something doesn't go alright:

2023-12-06 18:53:39,694:WARNING:certbot._internal.display.obj:Skipped user interaction because Certbot doesn't appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.
2023-12-06 18:53:39,694:DEBUG:certbot._internal.display.obj:Falling back to default True for the prompt:
The following certificate(s) are selected for deletion:

  * example.com

WARNING: Before continuing, ensure that the listed certificates are not being used by any installed server software (e.g. Apache, nginx, mail servers). Deleting a certificate that is still being used will cause the server software to stop working. See https://certbot.org/deleting-certs for information on deleting certificates safely.

Are you sure you want to delete the above certificate(s)?
2023-12-06 18:53:39,695:INFO:certbot._internal.storage:Removed /tmp/certbottest/renewal/example.com.conf
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/cert.pem
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/privkey.pem
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/chain.pem
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/fullchain.pem
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com/README
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/live/example.com
2023-12-06 18:53:39,695:DEBUG:certbot._internal.storage:Removed /tmp/certbottest/archive/example.com
2023-12-06 18:53:39,695:DEBUG:certbot._internal.display.obj:Notifying user: Deleted all files relating to certificate example.com.

I guess echo-ing "" results in selecting all the certificates in the first question.

2 Likes

I just wanted to note that: complicating all the above comments even more, the behavior of grep in situations like this is likely to change across operating systems, shells, and even versions.

I really misinterpreted @sspaulding's comments and position, until reading it and posting a long reply about how "there is no bug". This would be a huge bug if it's repeatable. Piping the output of a command into grep to filter and find the correct line/action is incredibly common in Linux/BSD systems, and one would expect Certbot's command line usage to be compatible with this - especially since certbot delete presents a list that must be read to find the id/line-number to invoke.

The output of certbot delete seems to be alphabetized though, which would create problems with potential race conditions across multiple invocations...

2 Likes
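The pattern the posts above point toward, as an added example that is not from the thread or from the Certbot project: filter the read-only `certbot certificates` listing instead of piping `certbot delete` through grep, then delete by an explicit `--cert-name` with `--non-interactive`. The `CERTBOT` variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Certbot's own tooling. CERTBOT is an assumed override
# (defaults to the real binary) so the wrapper can be exercised with a stub.
CERTBOT="${CERTBOT:-certbot}"

# Read `certbot certificates` output on stdin and print the certificate
# names that contain the fixed string $1, one per line.
match_cert_names() {
    sed -n 's/^[[:space:]]*Certificate Name:[[:space:]]*//p' |
        { grep -F -- "$1" || true; }
}

# Print the one name selected by $1. An exact name wins; otherwise the
# pattern must match exactly one certificate, so a loose or empty pattern
# can never widen the deletion.
resolve_cert_name() {
    if [ -z "$1" ]; then
        echo "refusing: empty pattern" >&2
        return 2
    fi
    names=$(match_cert_names "$1")
    if printf '%s\n' "$names" | grep -Fxq -- "$1"; then
        printf '%s\n' "$1"
        return 0
    fi
    count=$(printf '%s' "$names" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "refusing: pattern '$1' matched $count certificates" >&2
        return 1
    fi
    printf '%s\n' "$names"
}

# Filter the listing, then delete by explicit name. stdin is pointed at
# /dev/null so piped input is never consumed as an answer to a prompt.
safe_delete() {
    name=$("$CERTBOT" certificates 2>/dev/null | resolve_cert_name "$1") || return 1
    "$CERTBOT" delete --non-interactive --cert-name "$name" </dev/null
}
```

After sourcing the file, `safe_delete shop` deletes only the certificate whose name uniquely matches `shop`, and returns non-zero without calling `certbot delete` when the pattern is empty or ambiguous.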
