logrotate certbot logs: reduce retention #1924
Comments
Thank you for this. We have a logrotate config in the snap that covers pretty much every log except certbot's! Shouldn't be hard to include it.
Please note that What would be a good retention policy for certbot logs - When should they be compressed and when should they be discarded? Answering this from my point of view: Let's-Encrypt-certificates live for 90 days and you might want to inspect the logs of the previous certificate, so 90*2+10=190 days would be a sane buffer, adding 10 days because 180 days and 6 months might be a different thing, and then add some extra days. (I reckon people will remember that their certificate is renewed every quarter of the year here.)
Yeah we just need to disable certbot's rotation. @r4co0n what do you think, is this worth doing if we're trying to replace certbot? Or is that a ways off, yet?
@kyrofa, the biggest concern with migration is keeping everything working for all the folks that currently use certbot, and for those that have provided their own certificates. As far as I could discern, we never log what people last chose when setting up encryption, or am I mistaken? It's prudent to know if the current certificate is self-signed (generated by us), provided by letsencrypt or provided by the admin.
@r4co0n I have thoughts on that, but in the interest of not pulling this issue off-topic, do you mind making a comment on #1902 so we can discuss?
Agreed.
Describe the bug
Certbot/letsencrypt have by default a very high level of log retention, which results in hundreds of log files in /var/snap/nextcloud/current/certs/certbot/logs/.
Especially for a snap, it is unlikely it is used.
A better default IMHO would be something like 30 days if rotating daily.
See also
https://community.letsencrypt.org/t/log-rotation-configuration/108596
certbot/certbot#4907
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A configurable option would be nice, but at least a lesser number, as I would expect most installs don't need to keep a thousand-log history.
OS/snapd/snap version
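The retention discussed in this issue, as an added example that is not part of the thread or the snap's code: certbot's built-in rotation caps the number of backups, not their age, so this shell function prunes rotated logs by age instead. The function name and the `--dry-run` argument are hypothetical; the 190-day default is the figure proposed in the comments, and the `letsencrypt.log.N` names are those of certbot's built-in rotation.

```shell
#!/bin/sh
# Added example, not project code: age-based pruning of certbot's rotated logs.
# Assumes certbot's built-in naming: letsencrypt.log (active) plus
# letsencrypt.log.N (one numbered backup per certbot run).

# prune_certbot_logs DIR [MAX_AGE_DAYS] [--dry-run]
# Prints how many rotated logs are more than MAX_AGE_DAYS full days old and
# deletes them unless --dry-run is given. The active log is never touched.
prune_certbot_logs() {
    log_dir=$1
    max_age=${2:-190}   # retention proposed in the thread: 90*2+10 days
    mode=${3:-}

    # Reject non-numeric ages so a typo cannot widen what gets deleted.
    case $max_age in
        ''|*[!0-9]*) echo "invalid age: $max_age" >&2; return 2 ;;
    esac
    # Refuse a missing or symlinked directory: such jobs often run as root.
    if [ ! -d "$log_dir" ] || [ -L "$log_dir" ]; then
        echo "not a real directory: $log_dir" >&2
        return 2
    fi

    # -type f skips symlinks planted in the log directory; the name pattern
    # requires a numeric suffix, which excludes the active letsencrypt.log.
    set -- "$log_dir" -maxdepth 1 -type f \
        -name 'letsencrypt.log.[0-9]*' -mtime +"$max_age"
    count=$(find "$@" | wc -l)
    [ "$mode" = "--dry-run" ] || find "$@" -exec rm -f -- {} +
    echo "$((count))"
}
```

Run it with `--dry-run` first to see how many files fall outside the window before anything is removed.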