Log rotation configuration

Is there any way to change the configuration of the log rotation method done by certbot? I know I can configure the number of logs (1000 as a default seems very high but that I can at least change), but I don’t see any way to change the naming of the logs. Specifically, the logs are named log/letsencrypt/letsencrypt.log, log/letsencrypt/letsencrypt.log.1, etc, and what’s annoying is that all the logs renumber every day (1 becomes 2, 2 becomes 3, etc). This means that if you do backups of your server (and you are doing backups, right?!), every day every single log is re-backed up, because each file is essentially new as the name has changed.

Most log rotation methods therefore use dates to tag the rotated logs, instead of numbers. This way the historical logs don’t change name once they’re created, and logs from specific dates can be easily found.

I propose that log rotation changes to this date method. If my Python skills weren’t rusty I’d put in a PR myself, but that would be ugly!

1 Like

Certbot is hardcoded to use RotatingFileHandler.

But there is a way to use your own log rotation instead. In fact, certain Certbot distributions already do this:

$ cat /etc/letsencrypt/cli.ini
# Because we are using logrotate for greater flexibility, disable the
# internal certbot logrotation.
max-log-backups = 0

and:

$ cat /etc/logrotate.d/certbot
/var/log/letsencrypt/*.log {
    rotate 12
    weekly
    compress
    missingok
}

I’m not sure if the Certbot project would be willing to change its default (you could propose it at https://github.com/certbot/certbot/issues), but at least for your own installations, you could add dateext to the logrotate config to get the desired effect.

2 Likes
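The effect discussed above, as an added example (not part of the original posts, and not Certbot's or logrotate's own code): it counts how many files a backup that compares names and content hashes would pick up each day under numbered rotation versus date-suffixed rotation. The function names, the one-rotation-per-day simulation, the start date and the log contents are constructed for illustration; `rotate_dated` only imitates logrotate's default `dateext` suffix (`-%Y%m%d`).

```python
import datetime
import hashlib
import logging.handlers
import os
import tempfile


def snapshot(directory):
    """Name -> SHA-256 of contents: what a name-keyed incremental backup compares."""
    result = {}
    for name in os.listdir(directory):
        with open(os.path.join(directory, name), "rb") as fh:
            result[name] = hashlib.sha256(fh.read()).hexdigest()
    return result


def rotate_numbered(path, day):
    """Numbered scheme: RotatingFileHandler shifts .1 -> .2, .2 -> .3, ... (day unused)."""
    handler = logging.handlers.RotatingFileHandler(path, backupCount=10)
    handler.doRollover()
    handler.close()


def rotate_dated(path, day):
    """Dated scheme: only the live log is renamed, with a -YYYYMMDD suffix."""
    os.rename(path, path + day.strftime("-%Y%m%d"))


def files_to_back_up(rotate, days=5):
    """Simulate one run per day; return how many files look new or changed each day."""
    counts, previous = [], {}
    day = datetime.date(2020, 1, 1)  # constructed start date
    with tempfile.TemporaryDirectory() as directory:
        path = os.path.join(directory, "letsencrypt.log")
        for run in range(days):
            if run:  # every run after the first rotates the previous log away
                rotate(path, day)
            with open(path, "w") as fh:
                fh.write(f"constructed log content for run {run}\n")
            current = snapshot(directory)
            counts.append(sum(previous.get(n) != h for n, h in current.items()))
            previous = current
            day += datetime.timedelta(days=1)
    return counts


if __name__ == "__main__":
    print("numbered:", files_to_back_up(rotate_numbered))  # [1, 2, 3, 4, 5]
    print("dated:   ", files_to_back_up(rotate_dated))     # [1, 2, 2, 2, 2]
```

With numbered suffixes the daily backup set grows with the number of retained logs; with date suffixes it stays at the live log plus the one newly rotated file.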

Thanks, I saw this, and dropped it into place. I've also created an issue here in case anyone wants to follow: Change log handler · Issue #7644 · certbot/certbot · GitHub

1 Like
