Docker - delete certificate with v1.10.0+ hangs forever

My domain is:
does not matter

I ran this command:
docker run -t --rm -v /services/nginx/conf/letsencryptcertificates:/etc/letsencrypt -v /services/nginx/certdata:/data/letsencrypt certbot/certbot:v1.10.0 delete --cert-name any.certificate

It produced this output:
Hangs forever after the confirmation prompt. It doesn't matter wheter I say that I don't want to delete or if the certificate does not exists, it hangs

Saving debug log to /var/log/letsencrypt/letsencrypt.log


The following certificate(s) are selected for deletion:

  • any.certificate

Are you sure you want to delete the above certificate(s)?


(Y)es/(N)o: Y

With 1.9.0 it works fine (in this case it says that the certificate does not exist, which is correct)

~$ docker run -t --rm -v /services/nginx/conf/letsencryptcertificates:/etc/letsencrypt -v /services/nginx/certdata:/data/letsencrypt certbot/certbot:v1.9.0 delete --cert-name any.certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name any.certificate (expected /etc/letsencrypt/renewal/any.certificate.conf).

My web server is (include version):
does not apply

The operating system my web server runs on is (include version):
Ubuntu 18.04

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

What's the output of /var/log/letsencrypt/letsencrypt.log? Although I'm afraid the delete subcommand might have few log entries.

Hi @cocorossello

I'm not firm with docker.

Waiting -> user input required.

Certbot has a

--non-interactive

parameter, may be that helps.

https://certbot.eff.org/docs/using.html

1 Like

Yes, in 1.10 there ws a change to have double-confirmation of certificate deletions. This is because it was too easy to accidentally delete the wrong certificate or all of your certificates, someting which cannot be undone.

When you expect Certbot to run non-interactively, it is always best to use the --non-interactive/-n flag.

If running Certbot interactively via Docker, then you should pass both -t and also -i to Docker, and this will prevent the hang. This flag is shown on https://certbot.eff.org/docs/install.html#running-with-docker but it's possible that we should emphasize it much more strongly.

3 Likes

Hi,

I confirm that both ways (--non-interactive or docker -it) do work with 1.10.0.

I didn't check those flags as they were working before (but I did have the certificate creation with the -it docker flag).

Thank you.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.