Installing certbot via apt vs snap vs pip

I'm trying to understand the ever-evolving installation requirements for certbot (which I have used since around 2015/16 or so) . I don't use snapd for many reasons but a main one is the fact that most of my servers are plain headless servers running Ubuntu Server rather than Ubuntu Desktop, so I'm trying to understand why it is that certbot installation is currently through snap or pip now? I will be upgrading an older apache server with quite a few vhosts at some point and I do use letsencrypt extensively on it so I'd rather not run into any unpleasant surprises.

It is a fair question but one probably best asked at the EFF's github for Certbot. Their dev team monitors activity there more closely than here. See: Issues · certbot/certbot · GitHub

I don't speak for the EFF but I think their recent website change about install options is to only show options that gives you ability to keep Certbot current. Relying on apt or other packaging systems can often leave you far behind the current version.

OK, thanks for the redirect. Keeping super current, I suppose that's fair, OTOH I generally run LTS distros so I'm always a little behind the latest and greatest anyway, which I'm okay with. I like to watch other people on the bleeding edge before it's my turn to shed blood

I didn't think Ubuntu Desktop was a requirement for snap. I've got it available on headless Ubuntu Server installs as old as as 20.04 LTS.

Snap is advised as the "basic" option because all the dependencies are managed and updated automatically.

pip is supported, but users who don't understand pip may run into issues. If you have configuration management or other tooling and can manage pip and upgrades, that works fine. Certbot pip instructions

apt packages from your OS aren't directly supported by the certbot team, as they can get out of date (especially, eg, in an LTS distro). But generally still works.

I recommend you look into Apache mod_md. I moved all of my Apache vhosts from certbot to mod_md years ago and it is definitely the way to manage certificates used by Apache.

On the one Debian host where I run certbot to create a certificate used by services other than Apache, I use pip with a cron job that keeps it up to date. It's a better option for me than installing snapd on a server that otherwise would have no need for it.