osuosl-cookbooks / osl-acme

OSL Wrapper cookbook for ACME (LetsEncrypt) related configuration
Apache License 2.0

Old acme challenges aren't cleaned up #2

Open doublej472 opened 7 years ago

doublej472 commented 7 years ago

On ros.osuosl.org we have a few old challenges lying around; we should add a way to clean them up.

[root@ros.osuosl.org ~]# ls -lh /var/www/roscon.ros.org/.well-known/acme-challenge/
total 12K
-rw-r--r--. 1 root root 87 Jun 19 21:05 CxkBAYiDua1Kpm2x4OA8yqMKor15ro9j8thUYsmQtdk
-rw-r--r--. 1 root root 87 Jun 19 20:57 NKzdaegaNMYyOmvHsP35Nr5kcybpsCV1ueoqup9E9po
-rw-r--r--. 1 root root 87 Jun 19 20:52 W5BQfJdVv3RYvxAkyGmkr2Wv5uKcWlIhcLxPRTSbrPI
[root@ros.osuosl.org ~]#

doublej472 commented 5 years ago

This seems to be less of an issue here; after nearly 2 years, there are only 20 or so more challenge files, adding up to 96K of disk space. This is more of an issue on lb1.osuosl.org, which has over 2.2M of disk space used in 540 files, and it will only get worse with time.

ramereth commented 5 years ago

We can probably clear out verifications that are older than 90 days.

doublej472 commented 5 years ago

@ramereth or maybe delete verifications before (or after) every chef run? The challenges are useless outside of the chef runs, since they are created and verified before chef-client completes, unless there is an error.

ramereth commented 5 years ago

I think it's safer to just delete it after X days.
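
One way to implement the age-based cleanup suggested above, as an added example that is not part of this thread or of the osl-acme cookbook. It is plain Ruby with no Chef API calls; the function names, the token-name filter and the sample file names are assumptions made for illustration.

```ruby
require 'fileutils'
require 'tmpdir'

# ACME HTTP-01 tokens use the base64url alphabet (RFC 8555), so any other
# name in the directory is not a challenge file and is left alone.
TOKEN_NAME = /\A[A-Za-z0-9_-]+\z/

# Delete challenge files in dir whose mtime is older than max_age_days.
# Returns the sorted names removed (or that would be removed on dry_run).
def prune_acme_challenges(dir, max_age_days: 90, now: Time.now, dry_run: false)
  cutoff = now - (max_age_days * 86_400)
  removed = []
  Dir.children(dir).each do |name|
    next unless name.match?(TOKEN_NAME)
    path = File.join(dir, name)
    st = File.lstat(path)          # lstat: never follow a symlink
    next unless st.file?           # skip symlinks, directories, devices
    next unless st.mtime < cutoff  # keep anything recent enough to be in use
    File.unlink(path) unless dry_run
    removed << name
  end
  removed.sort
end

# Constructed sample data: a throwaway directory holding one stale token,
# one fresh token, a stale non-token file and a symlink with a token-like name.
def demo_prune
  Dir.mktmpdir do |root|
    dir = File.join(root, '.well-known', 'acme-challenge')
    FileUtils.mkdir_p(dir)
    now = Time.now
    old = now - (120 * 86_400)
    { 'stale_TOKEN-constructed' => old,
      'fresh_TOKEN-constructed' => now,
      'index.html' => old }.each do |name, mtime|
      path = File.join(dir, name)
      File.write(path, 'constructed')
      File.utime(mtime, mtime, path)
    end
    File.symlink(File.join(dir, 'index.html'), File.join(dir, 'linkTOKEN'))
    planned = prune_acme_challenges(dir, now: now, dry_run: true)
    removed = prune_acme_challenges(dir, now: now)
    { planned: planned, removed: removed, left: Dir.children(dir).sort }
  end
end

puts demo_prune.inspect if $PROGRAM_NAME == __FILE__
```

Running with `dry_run: true` first shows what a root-owned cleanup would delete in the web-served directory before anything is unlinked.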