Feedback to letsencrypt-auto (--help should do nothing but print a help message)

[monkz]

Hi,
today was my first encounter with letsencrypt-auto and i was overwhelmed by a bootstrapping script.
I was overwhelmed, because i just typed "./letsencrypt --help" - expecting letsecrypt printing a help message and exit. (Ok - maybe it can check if the system is already bootstrapped - but only check)

I've a rather "complex" setup on my server (nginx proxies to different VMs + some other rules including TLS SNI) for a automated script. So i would have tried the --manual or --webroot plugin and script my own automation around it. Therefore, is it really necessary to have all those dependencies? Would a tool for semi automatic letsencrypt have less dependencies?

But anyway a really big thanks, to you all, for creating a automated and FREE CA.

Greetings
MonkZ

[larsen0815]

+1
"--help" should not install anything

[pdkl95]

This was extremely surprising to see my package manger start to run when I simply asked for documentation. I understand that the "real" help text isn't ready at that point, so the help text can simply be an brief explanation like this when someone runs --help:

The proper --help documentation  will not be available until the required packages
have been installed. Run letsencrpt-auto again without --help to automatically install
the required packages with your systems package manager. Afterwords, running 
"letsencrypt-auto --help" again will show the proper documentation.

Or something like that.

The --help option has a well-known meaning, that every command should follow:
https://www.gnu.org/prep/standards/html_node/Command_002dLine-Interfaces.html
https://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html#g_t_002d_002dhelp

[aaron-em]

👍

[lorenzhs]

See also #1286, #1337

[monkz]

Thanks @lorenzhs for referencing,
#1286 is closed and i say it with @clayt0nk s words: "When I see applications installing things without my permission, I get more than a little twitchy....."

[lorenzhs]

Yeah, I know it's closed and I agree that installation should be separated from operation — I just wanted to link the previous discussion :)

[anthony-geoghegan]

I finally decided to try Let’s Encrypt on my personal Ubuntu 12.04 LTS server and followed the How it works documentation as a quick guide to “Getting Started”.

After cloning the git repository, I ran the letsencrypt-auto –help command and was very much taken aback by the way it installed augeas-lenses and libaugeas0 packages with a number of python libraries and created a Python 2.7 virtual environment in ~/.local/share/letsencrypt.

While I’m aware that this is beta software, this breaks the principle of least surprise and I agree with others that running any command with the --help option should only print a help message without requiring superuser privileges to do so.

I’d much prefer the application to print a message stating that not all the necessary components are installed and to either:

1. print a message asking me to manually install those packages
2. include a --auto-update or --self-update option to automatically install the necessary software and update itself.

At the very least, it should prompt the user to ask for permission.

I later discovered the User Guide which warns that running ./letsencrypt-auto without any options will install dependencies and create the virtual environment and from reading Discourse threads, I’ve learned that

letsencrypt-auto itself does not have a --help switch. It's just a wrapper around the letsencrypt client. Your --help switch would have been passed to that command, but would not have bypassed all the installation parts of the wrapper script.

I think this could be made clearer in the How it works page.

I hope this feedback is useful.

[pmorch]

As an easy fix / workaround for debian-based systems, I'd like to suggest removing the -y from apt-get install -y $packages. That way the user is at least prompted with a familiar interface if it is ok to install packages on the system, and given an option to decline.

[ghost]

+1

--help should not require sudo or start installing packages.