Daily letsencrypt log files rotation

I don’t really need 397 daily letsencrypt log files…

I confirm there are 836 log files in my server under /var/log/letsencrypt/, one for each day since LE certificate was enabled.

It would be a nice #feature to configure logrotate for them!

Does anybody want to propose an implementation?

In the meantime, card added here: https://github.com/orgs/NethServer/projects/1#card-24898234

1 Like

According to certbot docs the default log configuration starts rotating files at 1000 instances.

Certbot has its own logrotate feature, I prefer to not override it with a system one!

1 Like

The manual note says

Some distributions, including Debian and Ubuntu, disable certbot’s internal log rotation in favor of a more traditional logrotate script. If you are using a distribution’s packages and want to alter the log rotation, check /etc/logrotate.d/ for a certbot rotation script.

I think the best approach is sending a patch to the EPEL package mantainer!

1 Like

As you see, the log rotation is done by certbot itself, and there’s a command-line flag to change the number of logs to keep if desired. If there’s a perceived need to do this at all (which I question–the full 1000 files on my system take less than 8 MB), the only thing you should need to do is add --max-log-backups nnn to the certbot invocation that originally obtains the cert–any subsequent renewal attempts should use that setting automatically.