Bug? report: /etc/letsencrypt/csr growing big

SYSTEM INFORMATION
OS type and version Ubuntu 20.04/24.04
Webmin version 2.303
Virtualmin version 7.30.8 Pro
Webserver version Apache 2.4.41

It looks like all site folders inside /etc/letsencrypt/csr never get cleaned, and the directory is growing big; on some servers it is well over a gigabyte.

With the accelerated renewal process this will only get worse.

@Ilia could you give us a suggestion on “cleanup” for this folder??

Yes, sure, you can clean up some of its files by running:

find /etc/letsencrypt/csr/ -type f -mtime +90 -delete
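A dry-run-first wrapper around the cleanup command above, added here as an example; it is not part of the original posts and is not Virtualmin or certbot code. The function name prune_csr and its arguments are assumptions, and it relies on GNU find's -printf.

```shell
# prune_csr DIR DAYS [--apply]
# Prints "<count> <bytes>" for regular files under DIR whose mtime matches
# find's "-mtime +DAYS" test. Deletes them only when --apply is given.
# The ( ) body runs in a subshell so the variables do not leak to the caller.
prune_csr() (
    dir=${1%/}      # drop one trailing slash so "/path/csr/" is accepted
    days=$2
    mode=${3:-}

    # Only act on a path that ends in "/csr", so an empty or mistyped
    # variable cannot point "find -delete" at another tree.
    case "$dir" in
        */csr) ;;
        *) echo "refusing: '$dir' is not a csr directory" >&2; return 2 ;;
    esac
    # The directory must exist and must not itself be a symlink.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "refusing: '$dir' is missing or is a symlink" >&2
        return 2
    fi
    case "$days" in
        ''|*[!0-9]*) echo "refusing: DAYS must be a whole number" >&2; return 2 ;;
    esac

    # Report first: count the candidates and sum their sizes.
    # -xdev keeps find on one filesystem; symlinks are not followed.
    report=$(find "$dir" -xdev -type f -mtime +"$days" -printf '%s\n' |
        awk '{ n++; b += $1 } END { printf "%d %d", n, b }')

    if [ "$mode" = "--apply" ]; then
        find "$dir" -xdev -type f -mtime +"$days" -delete
    fi
    echo "$report"
)
```

Run it without --apply first, for example `prune_csr /etc/letsencrypt/csr 90`, and compare the reported count and byte total with what you expect before deleting anything.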

Thank you @Ilia, but may I suggest that Virtualmin does that whenever it renews a Let’s Encrypt certificate, at least inside the sub-folder for which it renewed it?

As an OS package I’d think this should be handled ‘upstream’?

I am fine with whatever solution as long as it’s handled by Virtualmin (Pro) or its packages, or the API of the packages. Maybe it’s a bug of the package, either to be fixed by the package or worked around. It’s nothing urgent, a fix can wait a few months, so you can surely try by first filing a bug upstream, and if nothing happens, work around it, as usual. :wink:

I’m not sure about that. @Jamie, what are your thoughts on it?

I assume that the certbot tool is what creates files in /etc/letsencrypt/csr, since Virtualmin never touches that directory. We could clean it up, but also I’d feel a little scared messing with another program’s database.


Problem is, obviously, you are ‘ass u me’ ing these are stale files because people are renewing regularly.

This is about as much help as I can offer. :wink:

Just so the answer is here too.

"You should NOT use the ubuntu Certbot package. Instead you should use the snapd distribution. Certbot stopped supporting distributions in favor of snapd several years ago; their team recommends against using distribution packages because they are often seriously out of date and miss important fixes and updates.

You can delete the /csr/ files. They are only there for archives/backups and are not used for renewal."

Ilia, thanks for the script. Turns out I should’ve checked the size of my /etc/letsencrypt folder before asking. My entire /etc/letsencrypt folder is only 51 meg. No need to clean up. It seems to be managing itself. (I use Debian, not Ubuntu)

I think LE is going to start recommending 3 week cert renewal. So, this might become more of an issue going forward. Ubuntu leeches off of Debian for packages, hence the ‘old’ unfixed version.

I have NO idea how snapd packages would differ but the good thing is that there is only ONE to worry about over all distributions.