What is the safest way to clean up /boot partition?

Command line method:

First check your kernel version, so you won't delete the in-use kernel image, running:

uname -r

Now run this command for a list of installed kernels:

dpkg --list 'linux-image*' | grep ^ii

and delete the kernels you don't want/need anymore by running this:

sudo apt-get remove linux-image-VERSION

Replace VERSION with the version of the kernel you want to remove.

When you're done removing the older kernels, you can run this to remove ever packages you won't need anymore:

sudo apt-get autoremove

And finally you can run this to update grub kernel list:

sudo update-grub

NOTE: this is only if you can't use apt to clean up due to a 100% full /boot

If apt-get isn't functioning because your /boot is at 100%, you'll need to clean out /boot first. This likely has caught a kernel upgrade in a partial install which means apt has pretty much froze up entirely and will keep telling you to run apt-get -f install even though that command keeps failing.

Get the list of kernel images and determine what you can do without. This command will show installed kernels except the currently running one sudo dpkg --list 'linux-image*'|awk '{ if ($1=="ii") print $2}'|grep -v `uname -r`. Note the two newest versions in the list. You don't need to worry about the running one as it isn't listed here. You can check that with uname -r.

Craft a command to delete all files in /boot for kernels that don't matter to you using brace expansion to keep you sane. Remember to exclude the current and two newest kernel images. Example: sudo rm -rf /boot/*-3.2.0-{23,45,49,51,52,53,54,55}-*. You can also use a range with the syntax {80..84}.

sudo apt-get -f install to clean up what's making apt grumpy about a partial install.

If you run into an error that includes a line like "Internal Error: Could not find image (/boot/vmlinuz-3.2.0-56-generic)", then run the command sudo apt-get purge linux-image-3.2.0-56-generic (with your appropriate version).

Finally, sudo apt-get autoremove to clear out the old kernel image packages that have been orphaned by the manual boot clean.

Suggestion, run sudo apt-get update and sudo apt-get upgrade to take care of any upgrades that may have backed up while waiting for you to discover the full /boot partition.

Suggestion2, Review https://help.ubuntu.com/community/AutomaticSecurityUpdates and consider setting Unattended-Upgrade::Remove-Unused-Dependencies to true in /etc/apt/apt.conf.d/50unattended-upgrades. This will be the equivalent of running autoremove after each security updates to be sure you clean out unused kernels but will also remove other things it thinks are unused saving you from this problem in the future.

There is documentation about this at https://help.ubuntu.com/community/RemoveOldKernels

In summary: Use

sudo apt-get autoremove --purge
# and/or:
sudo purge-old-kernels

The purge-old-kernels tool can be installed via sudo apt install byobu. Here is the description from its man-page:

This program will remove old kernel and header packages from the system, freeing disk space. It will never remove the currently running kernel. By default, it will keep at least the latest 2 kernels, but the user can override that value using the --keep parameter.

If you want a copy-paste solution, ReSearchIT Eng suggested the following:

sudo apt install -y byobu
sudo purge-old-kernels -y --keep 1
sudo apt-get -y autoremove --purge