Add a way to automatically delete old, unused certificates
tukusejssirs opened this issue · 2 comments
It would be nice if old, unused certificates are automatically removed after some time.
When I started using your image, I created multiple certificates:
/etc//letsencrypt/archive/website_1/cert2.pem
/etc//letsencrypt/archive/website_1/cert3.pem
/etc//letsencrypt/archive/website_1/cert4.pem
/etc//letsencrypt/archive/website_1/cert5.pem
/etc//letsencrypt/archive/website_1/cert6.pem
/etc//letsencrypt/archive/website_1/cert7.pem
/etc//letsencrypt/archive/website_2/cert1.pem
/etc//letsencrypt/archive/website_2/cert2.pem
However, only two of them are used:
/etc/letsencrypt/live/website_1/cert.pem -> ../../archive/website_1/cert7.pem
/etc/letsencrypt/live/website_2/cert.pem -> ../../archive/website_2/cert2.pem
Reasoning: I have just received an email that the certificate for website_1 has expired, however, the used certificate has been already renewed.
Moreover, I am not sure what is the best way to delete a single certificate when multiple certificates are issued for a single domain. certbot delete removes all certificates for a particular domain. Maybe we can simply delete the files of the unused certificates. 🤔
Hi,
The mail regarding website_1 being expired, was that one of the staging certificates that you perhaps created in the beginning while experimenting? I have not received "unsolicited" expiry emails for domains that are actively being renewed (except when I am experimenting with some staging certificates).
The /etc/letsencrypt/ folder is fully managed by certbot, so this image does not do anything particular with it.
The archive folder is just certbot keeping history of older certificates, it will then have this symlink from the live folder to the latest "archived" one.
I just quickly googled and found this thread: https://community.letsencrypt.org/t/how-do-i-clear-the-old-data-from-the-etc-letsencrypt-directory/146667
So while I am a little bit hesitant to actually do anything with the content in the letsencrypt folder, there seems to be some one-liners one can run to clean everything (if it is really necessary).
Do you have any more input to this?
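The question of which archive files are actually unused can be answered without touching anything. The following is an added example, not code from either participant or from the image: a read-only listing of archive files that no live symlink points to. It assumes the certbot layout shown in the issue (live/<name>/*.pem symlinks into archive/<name>/); the function name list_unreferenced is hypothetical.

```shell
#!/bin/sh
# Added example: report archive/*.pem files that no live/ symlink references.
# Read-only: it prints candidates and never deletes or moves anything.

# list_unreferenced ROOT
#   ROOT is the certbot config directory. Assumed layout, as in the issue:
#   ROOT/live/<name>/*.pem are symlinks into ROOT/archive/<name>/.
list_unreferenced() {
    root=${1:-/etc/letsencrypt}
    for dir in "$root"/archive/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")

        # Collect the file names the live symlinks currently resolve to.
        in_use=""
        for link in "$root/live/$name"/*.pem; do
            [ -L "$link" ] || continue
            in_use="$in_use $(basename "$(readlink "$link")")"
        done

        # No live symlinks found: the lineage is in an unexpected state, so
        # skip it instead of reporting every file in it as unused.
        [ -n "$in_use" ] || continue

        for file in "$dir"*.pem; do
            [ -e "$file" ] || continue
            case " $in_use " in
                *" $(basename "$file") "*) ;;   # still referenced from live/
                *) printf '%s\n' "archive/$name/$(basename "$file")" ;;
            esac
        done
    done
}
```

Source the file and call `list_unreferenced /etc/letsencrypt` to review the candidates; the output covers cert, chain, fullchain and privkey files alike, since each live symlink is compared by file name.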