How do I clear the old data from the / etc / letsencrypt directory?

I am using certbot version 0.31 and it works on Ubuntu 18.04

How do I clear the old data from the / etc / letsencrypt directory?

I can't understand if there is any tool that cleans up archived data or if it needs to be done manually.

For example, there are many old certificates in the / etc / letsencrypt / acrhive / folder. What are they needed for?
I do not need to delete the certificate, since I am using it, but why do I need an archive of all certificates?

The / etc / letsencrypt / csr and / etc / letsencrypt / keys folder also contains a bunch of data related to the operation of the certbot.
It seems they can generally be removed safely.

If you do it manually, then I see the following algorithm.

  1. Go to the / etc / letsencrypt / live / folder
  2. There are symlinks to files in the / etc / letsencrypt / acrhive / folder
  3. We leave all these files, delete the rest.
  4. But in the folders / etc / letsencrypt / csr, / etc / letsencrypt / keys, we also leave only the last files. Or maybe we delete everything.

Is there a tool to clean up these files?
Well, in general, what thoughts do you have on this?

1 Like

You can delete files from /etc/letsencrypt/{csr,keys}/ at any time. They are there for archival purposes.

Don't touch anything inside /etc/letsencrypt/{live,archive}/, these are the certificates that Certbot is actively managing. If you wish to delete one of your certificates, you can do so with:

certbot delete --cert-name NAME

where NAME matches the directory name within /etc/letsencrypt/live/. That will delete the certificate from both the live and archive directories.


(The same goes for /etc/letsencrypt/renewal.)


Thanks for the help guys.

We already had 108323 files in the csr folder and it occupied 428M
And the keys folder contains the same number. :slight_smile:

In principle, after removing them, everything began to occupy 50Mb instead of ~ 1Gb
It suits me so well.

I will not touch the files in the archive folder. But I am still confused that there are certificates that have the date of creation on September 12, 2019.
Why is certbot needed? It's a super-expired certificate.


Thanks again.

1 Like

I think the answer is probably that it isn't needed, but nobody got around to implementing purging of old certificates and keys. There's an open issue to do that, but no progress as of yet.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.