| if enhancement_name in supported: | ||
| if ask_redirect: | ||
| if config_name == "redirect" and config_value is None: | ||
| config_value = enhancements.ask(enhancement_name) |
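Review bot: on the `config_name == "redirect" and config_value is None` branch, the only assignment visible is `config_value = enhancements.ask(enhancement_name)`; if that call is dropped along with the `ask_redirect` check, the None case needs an explicit value assigned in its place, otherwise an unset redirect stays None. A test that exercises this branch with no redirect flag given would pin down the intended result.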
This change also has the effect of no longer setting up a redirect unless the user manually requested it with --redirect.
To fix this, I'd recommend keeping code like this here:
    if config_name == "redirect" and config_value is None:
        config_value = True
Oh! I think we should also update the help text at
certbot/certbot/certbot/_internal/cli/__init__.py, lines 323 to 329 in e4a0edc
EDIT: We should update
| default=flag_default("redirect"), | ||
| help="Do not automatically redirect all HTTP traffic to HTTPS for the newly " | ||
| "authenticated vhost. (default: Ask)") | ||
| "authenticated vhost. (default: False for enhance, True for renew and run)") |
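Review bot: the help string on the last line hard-codes per-subcommand defaults ("False for enhance, True for renew and run") while the value itself still comes from `default=flag_default("redirect")` on the first line, so the printed text and the actual default can drift apart. Consider a short comment beside the help string pointing at where the per-subcommand behaviour is decided, and confirm that every subcommand named in the string actually reads this flag.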
I decided not to remove these from security because they show up next to each other during all so I wanted to find a way that makes sense even if they're next to each other. I considered adding this one under redirect and run but honestly think we have enough flags there and we didn't need it there before.
Works for me!
In addition to my same comment about renew vs. install, my only concern here is what does true and false mean here in the context of a --no-redirect flag? Other --no-* flags we have such as --no-verify-ssl's help says:
--no-verify-ssl Disable verification of the ACME server's certificate.
(default: False)
where False is meant to mean the flag is not applied so the server's cert is verified. We have the opposite meaning with --no-redirect here.
To clear this up, what do you think about being very explicit and saying something like "enable a redirect with install and run, but not with enhance"? If we make this change I think we should probably do the same thing with the --redirect help.
yes, I love that, stateful booleans are inherently more confusing than idempotent statements.
bmw left a comment
Two nits about the help text, but this otherwise LGTM!
| default=flag_default("redirect"), | ||
| help="Automatically redirect all HTTP traffic to HTTPS for the newly " | ||
| "authenticated vhost. (default: Ask)") | ||
| "authenticated vhost. (default: False for enhance, True for renew and run)") |
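Review bot: the parenthetical on the last line is word for word the one used on the "Do not automatically redirect" help, so "False for enhance, True for ..." is printed under two flags with opposite meanings. Word each flag's default as the resulting behaviour per subcommand so the two help entries cannot be read the same way.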
I don't think this flag will have any effect with certbot renew.
| "authenticated vhost. (default: False for enhance, True for renew and run)") | |
| "authenticated vhost. (default: False for enhance, True for install and run)") |
ah yes I did mean install here, thanks!
bmw left a comment
LGTM!
I'm glad to have yet another issue we've been talking about for a long time resolved.
Fixes #7594.
Removes the code asking interactively if the user would like to add a redirect.
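The tri-state reading of --redirect / --no-redirect discussed in this thread, as an added example that is not certbot's code: both flags write to one destination whose unset value is None, and None is resolved per subcommand using the wording proposed in the review. The parser, `REDIRECT_WHEN_UNSET` and `resolve_redirect` are hypothetical names.

```python
import argparse

# Assumption for this example: behaviour when neither flag is given, taken
# from the help wording proposed in the thread ("enable a redirect with
# install and run, but not with enhance").
REDIRECT_WHEN_UNSET = {"run": True, "install": True, "enhance": False}


def build_parser():
    """Build a stand-in parser; it is not certbot's real CLI."""
    parser = argparse.ArgumentParser(prog="demo")
    parser.add_argument("verb", choices=sorted(REDIRECT_WHEN_UNSET))
    # Both flags share dest="redirect". default=None keeps "the user said
    # nothing" distinct from an explicit True or False.
    parser.add_argument(
        "--redirect", dest="redirect", action="store_true", default=None,
        help="Redirect all HTTP traffic to HTTPS. (default: redirect "
             "enabled for install and run, disabled for enhance)")
    parser.add_argument(
        "--no-redirect", dest="redirect", action="store_false", default=None,
        help="Do not redirect HTTP traffic to HTTPS. (default: redirect "
             "enabled for install and run, disabled for enhance)")
    return parser


def resolve_redirect(argv):
    """Return True if a redirect would be installed for this command line."""
    args = build_parser().parse_args(argv)
    if args.redirect is None:
        # No flag given: fall back to the subcommand's behaviour instead of
        # prompting the user.
        return REDIRECT_WHEN_UNSET[args.verb]
    # An explicit flag always wins; with both given, the last one applies.
    return args.redirect


if __name__ == "__main__":
    for argv in (["run"], ["enhance"], ["enhance", "--redirect"],
                 ["run", "--no-redirect"]):
        print(" ".join(argv), "->", resolve_redirect(argv))
```

Describing the default as behaviour in both help strings means neither entry needs a bare True or False that a reader has to map onto a negated flag.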