--max-log-backups does not work for me

I am running certbot (1.23.0) on all of my machines (CentOS7.X, snapd) with the following command once a night:

/bin/certbot renew --max-log-backups 25 --non-interactive --no-bootstrap --no-self-upgrade --renew-hook /etc/letsencrypt_renewhook

yet every single machine has 300 logfiles or more.

Since I have the problem on every machine I have, I can only assume "max-log-backups" does not work.

Just to be sure: am I doing something wrong?

The Certbot snap comes with its own systemd timer for automatic renewal. Setting up an additional cron job is not necessary.

These flags are related only to the deprecated certbot-auto script, you can remove them.

If you would like the Certbot renewal task to be affected by these flags, I suggest putting them in the global /etc/letsencrypt/cli.ini file:

 max-log-backups = 25
 renew-hook = /etc/letsencrypt_renewhook

2 Likes

Isn't --renew-hook written in the renewal configuration file? :confused:

1 Like

Yes, one could alternatively configure deploy_hook in the /etc/letsencrypt/renewal/*.conf file for that individual certificate.

I try to avoid giving advice which involves modifying the .conf files, at least until we have a better way to do it :sweat_smile: .

1 Like

cli.ini applies to every cert and it's supposed to be user editable.

The renewal configuration file is not supposed to be edited.

(I don't get setting the same renew hook for all certs, tho)

1 Like

I meant: if you run renew with a new option such as --renew-hook, wouldn't that new option be saved into the renewal conf file by Certbot itself? If not, why not?

2 Likes

Yes, OP could also run a force renewal with a --deploy-hook and avoid having to keep it in cli.ini. That's the recommendation in the documentation.

3 Likes

I just read all replies - I will take up some of the suggestions made, thank you.

However, nobody commented on the fact that "--max-log-backups 25" isn't working for me - at all, as the title of the topic suggests this is my problem and still is.

1 Like

It may have skipped that for several reasons.
Like:

  • because some of the other parameters were "obsolete" and conflicted/confused certbot
  • the expected log rotation service is not installed/supported by the underlying OS image

I would try it again without the "obsolete" parameters.

1 Like

Have you used --max-log-backups from the beginning? Or did you add this after you noticed you had numerous log files?

I ask because it may not behave as you expect. I thought it would immediately trim my log history to the max but it does not. It rotates the latest X (25) logs going forward but any beyond that are orphaned.

Could this explain your situation?

2 Likes
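To check whether the behaviour described in the reply above explains a directory full of old logs, the following added example (not part of the original thread and not Certbot's own code) lists backups whose numeric suffix is above the configured maximum. It assumes backups are named `letsencrypt.log.N` with `.1` the newest, and the usage comment assumes the default log directory `/var/log/letsencrypt`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find Certbot log backups that fall outside the rotation window.
# Assumption: backups are named letsencrypt.log.N, where N = 1 is the newest.

# orphaned_logs DIR MAX
# Prints one path per line for every letsencrypt.log.N in DIR with N > MAX.
orphaned_logs() {
    dir=$1
    max=$2
    for f in "$dir"/letsencrypt.log.*; do
        [ -e "$f" ] || continue          # glob matched nothing
        n=${f##*.}                       # text after the last dot
        case $n in
            ''|*[!0-9]*) continue ;;     # skip non-numeric suffixes such as .gz
        esac
        if [ "$n" -gt "$max" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# count_orphaned_logs DIR MAX
# Prints how many files orphaned_logs would list.
count_orphaned_logs() {
    orphaned_logs "$1" "$2" | wc -l | tr -d ' '
}

# Usage (assumed default log directory, limit taken from the thread):
#   orphaned_logs /var/log/letsencrypt 25
#   count_orphaned_logs /var/log/letsencrypt 25
```

If the count is non-zero and the listed files stop changing between runs, they are leftovers from before the limit applied; if files numbered above the limit keep getting fresh timestamps, the option is not being honoured by the job that writes them.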

Interesting...
@jobst
What shows
ls -ltr | tail -n 30
[on that directory]

2 Likes

From the beginning.
At stages I actually have done a "rm -fr *" in the certbot logfile directory yet they still keep growing.

1 Like
