I posted a week or so in the Help section and got no response so I’m going to try here. Please move if it is the wrong section.
–max-log-backups is designed to limit the number of backups kept by certbot when it runs, but the way it has been implemented it looks like it can leave orphaned files behind.
Typically I run certbot by cron to check certificate expiry and --max-log-backups works fine (I set it to 200). If I then create a new certificate with certbot and don’t specify --max-log-backups, /var/log/letsencrypt/letsencrypt.log.200 goes to /var/log/letsencrypt/letsencrypt.log.201. The when certbot runs again from cron with --max-log-backups, this file (.201) gets orphaned. The old .200 gets deleted, and .199 goes to .200 and all the rest get rotated as well. This .201 file is then stuck there for life, Run certbot again without --max-log-backups then .201 goes to .202, you get a new .201 and both get orphaned and so on.
I would have thought that if --max-log-backups were set, then first off, all log files >= --max-log-backups should get deleted and not just the .200 file.
Have I missed something somewhere?