Certbot --max-log-backups not working as expected

I posted a week or so in the Help section and got no response so I’m going to try here. Please move if it is the wrong section.

–max-log-backups is designed to limit the number of backups kept by certbot when it runs, but the way it has been implemented it looks like it can leave orphaned files behind.

Typically I run certbot by cron to check certificate expiry and --max-log-backups works fine (I set it to 200). If I then create a new certificate with certbot and don’t specify --max-log-backups, /var/log/letsencrypt/letsencrypt.log.200 goes to /var/log/letsencrypt/letsencrypt.log.201. The when certbot runs again from cron with --max-log-backups, this file (.201) gets orphaned. The old .200 gets deleted, and .199 goes to .200 and all the rest get rotated as well. This .201 file is then stuck there for life, Run certbot again without --max-log-backups then .201 goes to .202, you get a new .201 and both get orphaned and so on.

I would have thought that if --max-log-backups were set, then first off, all log files >= --max-log-backups should get deleted and not just the .200 file.

Have I missed something somewhere?

Hi @NickJH,

I would expect the same behaviour but maybe certbot developers have other opinion :wink:

You could also open an issue on certbot’s github site https://github.com/certbot/certbot/issues

@bmw, could you please take a look?.

Cheers,
sahsanu

I reproduced this behavior and created https://github.com/certbot/certbot/issues/5575 to track the issue. We’re just relying on the Python standard library for our log rotation but we could add extra code around it to delete older logfiles.

2 Likes

Thanks for confirming it and filing the bug. Nick

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.