Proper housekeeping of /etc/letsencrypt

jimdunn · June 4, 2025, 9:11pm

I see that google says read this article about how to remove old files from /etc/letsencrypt:

But the answer was "it's ok to remove {csr,keys}" just don't touch anything else.

I would like to know if I can remove ALL files from /etc/letsencrypt if they are older than 90 days.

Can I use a script like this:

#!/bin/bash

files=/etc/letsencrypt
if [[ -d $files ]]; then
  /usr/bin/find $files -ctime +90 -not -type d -delete > /dev/null
fi

The info in For "manual" DNS-challenge: Can we delete the seemingly "non core" files in /etc/letsencrypt (besides the 4, core *.pem files) and still properly function? makes it "seem" that I could do so.

Please let me know if the above script would break LetsEncrypt. Thx!

MikeMcQ · June 4, 2025, 9:21pm

No, newer version of Certbot will keep your .../archive/.. folder smaller on its own. And, the ACME Account registration and Certbot renewal config files are useful. I am pretty sure Certbot uses that renewal config file even when purely manual options used (especially if using recommended hooks). I doubt certbot certificates command would work without that.

What version of Certbot are you using?

system · July 4, 2025, 9:22pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I clear the old data from the / etc / letsencrypt directory? Help	5	10237	April 4, 2021
Delete Expired Certificates II Help	19	4157	December 22, 2022
Delete old files in /etc/letsencrypt/archive Help	5	6139	January 14, 2017
Remove all generated CSR to free disk space Help	10	5543	December 26, 2018
Cleaning up renewals Question Help	8	1082	January 27, 2022

Proper housekeeping of /etc/letsencrypt

Related topics