This seems to be a problem for people hosting lots of domains on a server. I don't know anything about the software so I'm not sure who should be looking at this. If this isn't the place, I'd appreciate a pointer to the proper place.
You should NOT use the ubuntu Certbot package. Instead you should use the snapd distribution. Certbot stopped supporting distributions in favor of snapd several years ago; their team recommends against using distribution packages because they are often seriously out of date and miss important fixes and updates.
you can delete the /csr/ files. they are only there for archives/backups and are not used for renewal.
See: How do I clear the old data from the / etc / letsencrypt directory? - #2 by _az
Adding:
This was fixed in newer versions than what your ubuntu is running.
Ticket: Purge old private key material · Issue #4635 · certbot/certbot · GitHub
Fixed in: Deprecate {csr, keys} dirs & automatically truncate lineages by alexzorin · Pull Request #9537 · certbot/certbot · GitHub
Release: (certbot/certbot/CHANGELOG.md at main · certbot/certbot · GitHub)
2.3.0 - 2023-02-14
- Certbot will no longer save previous CSRs and certificate private keys to
/etc/letsencrypt/csr
and/etc/letsencrypt/keys
, respectively. These directories may be safely deleted.
Thank you. Webmin/Virtualmin typically manage and rely on packages provided by the distro. As this was brought up by a user they can now use this information the way the best see fit. It's a small team and I was just trying to help by doing some 'leg work' for them. The only way I can help with coding is by NOT.