The problem certainly occurs with certbot delete. I've had to work numerous help-seekers out of that mess.
1 Like
Well, no, not really a bug, the proper name probably is "omission": just something not implemented at all 
1 Like
I'm not sure that qualifies in comparison.
apt remove certbot
&
apt purge certbot
In my experience have very different results.
certbot delete {cert} will no doubt explicitly delete that cert.
@Gingko, where did you read that you should first purge certbot in order to install the snapd version?
But it won't fix the broken webserver configuration if the deleted certificate was active, which we've both dealt with many times. 
Can I say "off-topic"? [certbot delete wasn't run]
What was run can't be found in any guide [that I've seen]; yet people seem to think they they should "purge" certbot before moving to snapd version.
Maybe the wording should include that warning message in that instruction...
Like:
WARNING: Don't purge cerbot as that will also delete all your certs.
2 Likes
Don't delete Mozilla or you'll lose all your bookmarks. 
1 Like
You mean don't PURGE it - yeah!
The Purge - Wikipedia
...lives are at risk...
1 Like
Then again... if you uninstall Word you'll lose all your documents?
That's not right... 
It's all about expectation.
1 Like
And with purge in stead of remove you can expect to get rid of a lot of data.
2 Likes
I persist: no uninstallation method, neither remove nor purge, should delete any user data.
1 Like
Maybe you could contact the maintainers of apt and discuss the behaviour of their package directly with them.
2 Likes
Probably the correct people to talk with are the certbot package maintainers and not apt in general, as the postrm scripts are package specific.
3 Likes
True. A good example of a more friendly behavior is that demonstrated by openssh.
openssh-server.postrm
# Remove all non-conffiles that ssh might create, so that we
# can smoothly remove /etc/ssh if and only if the user
# hasn't dropped some other files in there. Conffiles have
# already been removed at this point.
This is only on example, but illustrates that your comment is correct. 
In essence as @rg305 points out "purge" and "remove" have distinct behavior(s)
purge = "rm -rf /etc/letsencrypt /var/log/letsencrypt" = everything is gone including certificates.
@Gingko envoked:
apt-get purge certbot
And the expected actions resulted.
certbot --help
Does not (and probably shouldn't) document this aspect of certbot package management.
However:
Remove certbot-auto and any Certbot OS packages states:
If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are:
sudo apt-get remove certbot
sudo dnf remove certbot
sudo yum remove certbot
In documenting the "snap package installation IMPLIES that certificate and a previous configuration are left intact. But that was not the choice of the OP, unfortunately.
https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
As you have commented on many occasions, and I have quoted or paraphrased, "Fully read the documentation with understanding" so you KNOW what to expect as a result.
I believe that a better understanding of APT and the implications of it's switches are extremely important, especially in this case scenario.
3 Likes
To add (and in brief) about:
apt-get remove
apt-get purge
Taking action with the expectation that they will do the exact same thing (without any confirmation nor making a backup first) is reckless.
[especially when the instructions clearly state "remove" (not "purge")]
The only silver lining here is that LE certs are FREE and this is not a catastrophic financial blunder.
[like the guys that overly shorted GameStop - LOL]
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.