So many logfiles

Hello

I have more than 150 logfiles in /var/log/letsencrypt directory. All these logs were created at 12:00 and 00:00 at every single day. Don’t know why. I wonder why because I haven’t defined a daily run. Any idea where these logfiles are coming from? And how can I get rid of them? I would like to keep logs for 7 or 14 days, but more don’t be needed.

Kind regards
//neph

1 Like

@schoen @bmw @erica - Do you have any insight on this Certbot logging question? Maybe a problem with the arguments in the cron task?

there is just one cronjob to be executed once a week. Nothing else.

45 3 * * 1 certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start" >> /var/log/letsencrypt/letsencrypt.log

Hi @nephilim,

As you are using certbot in your command line I suppose you have installed it using a package from your GNU/Linux distibution so it could be that the logs came from a systemd timer instead of cron.

Take a look to this post for more info.

Cheers,
sahsanu

1 Like

Well, this is the correct hint. I can see it triggered by systemd in syslog :slight_smile: Thank you so much. Would you please let me know what I can do to avoid this? Is it enough to delete /etc/cron.d/certbot or do I need to disable/delete the timer.service and certbot.service as well?

Kind regards
//neph

Hi @nephilim,

As your distro uses systemd there is no need to remove /etc/cron.d/certbot, it executes nothing if it detects that systemd is working on your system but you can remove it, no problem.

To stop/disable the certbot systemd timer.

systemctl stop certbot.timer
systemctl disable certbot.timer

And to be sure that in case a new debian certbot update doesn't activate certbot.timer again you could mask the certbot.timer.

systemctl mask certbot.timer

This mask creates a symlink from /etc/systemd/system/certbot.timer to /dev/null so this timer will run nothing.

Cheers,
sahsanu

Hej sahsanu,

thank you so much!

Sorry to ask but I hardly try to understand the whole setup. So there are some questions left:

  1. How is the certbot.timer triggering the certbot.service? I cannot see the trigger. I can see that certbot.service triggers the certbot by this definition: ExecStart=/usr/bin/certbot -q renew but not the timer the certbot.service.

  2. Do you know why this is not working? Would be great if you could answer it on the thread.

  3. Would it work if I change the certbot.service to this command: ExecStart=/usr/bin/certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"

Thanks in advance…

Kind regards
//neph

1 Like

Every timer created will start the service with the same name, certbot.timer will start certbot.service, nephilim.timer will start nephilim.service and so on :wink:

Let me check...

Yes, it should, but keep in mind that if certbot is updated it will overwrite your changes.

Cheers,
sahsanu

1 Like

Thank you so much.

I have now disabled certbot.timer the way you provided. This is great.

Will certbot application be updated by automation? Or just when I update it manually with apt-get update && apt-get upgrade?

Kind regards
//neph

People who use the certbot-auto script get an updated version every time they run it, but it seems that you installed via OS packages, so you'll get updates via the OS package method instead.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.