Pem files being created every minute in /etc/letsencrypt/keys/


#1

My domain is: austnet.org

I ran this command:

It produced this output:

My web server is (include version): apache 2.4.7

The operating system my web server runs on is (include version): ubuntu 14.04.5 lts

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi folks,

As per topic LE appears automatically generating new keys every minute in folder /etc/letsencrypt/keys/

Please refer: https://www.austnet.org/images/lotsofkeys.png

Any suggestions on fixing this issue?

FYI, I’ve deleted a massive bunch already, it was up to 18k files until I realized this was happening.

Thanks in advance.


#2

Hi @grug0r,

You should check your cron job because seems it is being executed every minute, I don’t know if you are using certbot or certbot-auto so:

If using certbot:

cat /etc/cron.d/certbot
systemctl list-timers certbot.timer

If using certbot-auto maybe you created a cron job for root user:

crontab -l

Cheers,
sahsanu


#3

See what it’s doing in /var/log/letsencrypt/. There should be a massive amount of logs.

For that matter, since it’s running so predictably, you can also try to catch it with “ps aux” or whatever.


#4

Thank you for getting help to me so quickly. I will check all suggested methods and post the solution.


#5

Yep, the cron job was indeed executing every minute :thinking:

I blame my web guy.

Thanks for the help.


#6

There’s also the question of what it was doing.

It’s unusual for Certbot to be generating a key every time it’s run. It’s trying to issue a certificate, and probably failing.

What command is being run? “certbot renew”? Something else?

Is it trying to renew a certificate? Has the certificate already expired? Do you need to fix it, or can you delete it?

certbot certificates” can display the certificates it’s currently managing.