Certbot is used for obtaining free SSL certificates and renewing them automatically. I am using the python script in Debian 11 Bullseye. First you run certbot on the command line to create a certificate, and after that it is run from cron to renew it. Every time certbot is executed, it appends some 80KB of debug log to the file /var/log/letsencrypt/letsencrypt.log. There is no way to disable the debug logging, and that log is completely useless unless things go South. And when they do, you can run certbot with the --debug option to see what went wrong. I saw some people wasting their time trying to convince the developers to fix this issue.

I didn't feel like forking the project just to disable automatic debug logging, so here is a workaround using logrotate (Debian 11, certbot 1.12.0, logrotate 3.18.0):
sed -i 's/rotate 12/rotate 0/' /etc/logrotate.d/certbot
sed -i 's/weekly/daily/' /etc/logrotate.d/certbot
sed -i 's/compress/notifempty/' /etc/logrotate.d/certbot
These commands will rewrite certbot's logrotate script (/etc/logrotate.d/certbot) so that it will automatically clean up the debug garbage daily.
Another possible solution I did not try would have been to copy /dev/null over the log:
cp -a /dev/null /var/log/letsencrypt/letsencrypt.log
Or link the log to /dev/null:
ln -sf /dev/null /var/log/letsencrypt/letsencrypt.log
I did not test these as the first solution was adequate for me. I also don't know, and did not check, how certbot will react to that and what happens to logrotate. If you try them out, let me know how it worked.
Happy hacking,
Santeri
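
Added example (not part of the original post): the three substitutions from the workaround applied to a scratch copy of the logrotate stanza, with the patterns anchored to whole directive lines, so the result can be inspected before /etc/logrotate.d/certbot is touched. The sample stanza is constructed and only assumed to resemble what the Debian package ships; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preview the logrotate rewrite on a scratch copy, not in /etc.

# Constructed sample stanza (assumption: similar to the packaged file).
sample_config() {
    cat <<'EOF'
/var/log/letsencrypt/*.log {
    rotate 12
    weekly
    compress
    missingok
}
EOF
}

# Same three edits as the post, anchored to whole directive lines so that
# "delaycompress" or "rotate 120" would not be rewritten by accident.
rewrite_config() {
    sed -E \
        -e 's/^([[:space:]]*)rotate[[:space:]]+12[[:space:]]*$/\1rotate 0/' \
        -e 's/^([[:space:]]*)weekly[[:space:]]*$/\1daily/' \
        -e 's/^([[:space:]]*)compress[[:space:]]*$/\1notifempty/' \
        "$1"
}

# Succeeds only if all three new directives are present and the old
# "weekly" and "compress" directives are gone.
check_config() {
    grep -Eq '^[[:space:]]*rotate[[:space:]]+0[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*daily[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*notifempty[[:space:]]*$' "$1" &&
    ! grep -Eq '^[[:space:]]*(weekly|compress)[[:space:]]*$' "$1"
}

# Build the sample, rewrite it, show the diff, and report whether it verified.
demo() {
    tmp=$(mktemp -d) || return 1
    sample_config > "$tmp/certbot.orig"
    rewrite_config "$tmp/certbot.orig" > "$tmp/certbot.new"
    diff -u "$tmp/certbot.orig" "$tmp/certbot.new" || true  # differences expected
    check_config "$tmp/certbot.new"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```

On the real system, `logrotate -d /etc/logrotate.d/certbot` performs a dry run of the edited file without rotating anything.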