SOLVED: How to disable certbot debug log

Questions and discussion about web design, search engine optimisation and hosting
Santeri
Posts: 324
Joined: 2017-7-5 09:58

Unread post by Santeri » 2022-1-8 09:15

Certbot is used for obtaining a free SSL certificates and renewing them automatically. I am using the python script in Debian 11 Bullseye. First you run certbot on command line to create a certificate and after than it is from from cron to renew it. Every time certbot is executed, it is appending some 80KB of debug log to this file /var/log/letsencrypt/letsencrypt.log

There is no way to disable the debug logging and that log is completely useless unless things go South. And when they do, you can run certbot with --debug option to see what went wrong. I saw some people wasting their time trying to convince the developers to fix this issue.
Image I didn't feel like forking the project just to disable automatic debug logging, so here is a workaround using logrotate (Debian 11, certbot 1.12.0, logrotate 3.18.0):

Code: Select all

sed -i 's/rotate 12/rotate 0/' /etc/logrotate.d/certbot
sed -i 's/weekly/daily/' /etc/logrotate.d/certbot
sed -i 's/compress/notifempty/' /etc/logrotate.d/certbot
These commands will rewrite certbots logrotate script (/etc/logrotate.d/certbot) so that it will automatically clean up the debug garbage daily.

Another possible solution I did not try would have been to copy /dev/null over the log

Code: Select all

cp -a /dev/null /var/log/letsencrypt/letsencrypt.log
Or link the log to /dev/null

Code: Select all

ln -s /dev/null /var/log/letsencrypt/letsencrypt.log
I did not test these as the first solution was adequate for me. I also don't know how and did not check how the certbot will react to that and what happens to logrotate. If you try them out, let me know how it worked.

Happy hacking,

Santeri