I don’t really need 397 daily letsencrypt log files…
I confirm there are 836 log files in my server under
/var/log/letsencrypt/, one for each day since LE certificate was enabled.
It would be a nice #feature to configure logrotate for them!
Does anybody want to propose an implementation?
In the meantime, card added here: https://github.com/orgs/NethServer/projects/1#card-24898234
certbot docs the default log configuration starts rotating files at 1000 instances.
Certbot has its own logrotate feature, I prefer to not override it with a system one!
The manual note says
Some distributions, including Debian and Ubuntu, disable certbot’s internal log rotation in favor of a more traditional logrotate script. If you are using a distribution’s packages and want to alter the log rotation, check
/etc/logrotate.d/for a certbot rotation script.
I think the best approach is sending a patch to the EPEL package mantainer!
As you see, the log rotation is done by certbot itself, and there’s a command-line flag to change the number of logs to keep if desired. If there’s a perceived need to do this at all (which I question–the full 1000 files on my system take less than 8 MB), the only thing you should need to do is add
--max-log-backups nnn to the
certbot invocation that originally obtains the cert–any subsequent renewal attempts should use that setting automatically.