I have more than 150 logfiles in
/var/log/letsencrypt directory. All these logs were created at 12:00 and 00:00 at every single day. Don’t know why. I wonder why because I haven’t defined a daily run. Any idea where these logfiles are coming from? And how can I get rid of them? I would like to keep logs for 7 or 14 days, but more don’t be needed.
@schoen @bmw @erica - Do you have any insight on this Certbot logging question? Maybe a problem with the arguments in the cron task?
there is just one cronjob to be executed once a week. Nothing else.
45 3 * * 1 certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start" >> /var/log/letsencrypt/letsencrypt.log
As you are using certbot in your command line I suppose you have installed it using a package from your GNU/Linux distibution so it could be that the logs came from a systemd timer instead of cron.
Take a look to this post for more info.
Well, this is the correct hint. I can see it triggered by systemd in syslog Thank you so much. Would you please let me know what I can do to avoid this? Is it enough to delete
/etc/cron.d/certbot or do I need to disable/delete the timer.service and certbot.service as well?
As your distro uses systemd there is no need to remove /etc/cron.d/certbot, it executes nothing if it detects that systemd is working on your system but you can remove it, no problem.
To stop/disable the certbot systemd timer.
systemctl stop certbot.timer
systemctl disable certbot.timer
And to be sure that in case a new debian certbot update doesn’t activate
certbot.timer again you could mask the
systemctl mask certbot.timer
This mask creates a symlink from
/dev/null so this timer will run nothing.
thank you so much!
Sorry to ask but I hardly try to understand the whole setup. So there are some questions left:
How is the certbot.timer triggering the certbot.service? I cannot see the trigger. I can see that certbot.service triggers the certbot by this definition:
ExecStart=/usr/bin/certbot -q renew but not the timer the certbot.service.
Do you know why this is not working? Would be great if you could answer it on the thread.
Would it work if I change the certbot.service to this command:
ExecStart=/usr/bin/certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"
Thanks in advance…
Every timer created will start the service with the same name, certbot.timer will start certbot.service, nephilim.timer will start nephilim.service and so on
Let me check…
Yes, it should, but keep in mind that if certbot is updated it will overwrite your changes.
Thank you so much.
I have now disabled certbot.timer the way you provided. This is great.
Will certbot application be updated by automation? Or just when I update it manually with apt-get update && apt-get upgrade?
People who use the
certbot-auto script get an updated version every time they run it, but it seems that you installed via OS packages, so you’ll get updates via the OS package method instead.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.