This is a simple no-frills CLI utility to delete obsolete Let's Encrypt certificate files from your system. Every time certificates are registered or renewed, certbot generates new certificates in /etc/letsencrypt. It never deletes the old expired ones (see GitHub issue).
Whilst the physical storage of these certificates is not the issue (they do not take up much space), over time there can be literally tens of thousands of redundant files left within the folder structure.
Note: I have decided to archive this project as Certbot has now implemented a pruning mechanism, which means this utility is no longer necessary.
You can download a static binary from the releases, or install from source using go install github.com/axllent/cert-prune@latest
$ cert-prune -h
A utility to delete expired Let's Encrypt certificates.
All unused certificates, and (by default) all csrs & keys older than 60 days are deleted.
If no path is provided then /etc/letsencrypt is assumed.
Support:
https://github.com/axllent/cert-prune
Usage:
cert-prune [path] [flags]
Flags:
-n, --nr-days int Delete generation CSRs and Keys older than X days (default 60)
-v, --verbose Verbose logging
$ du -hs /etc/letsencrypt
191M /etc/letsencrypt
$ cert-prune
INFO Certs deleted: 27136
INFO CSRs deleted: 8787
INFO Keys deleted: 8787
$ du -hs /etc/letsencrypt
7.9M /etc/letsencrypt
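
A pruning run removes certificates and private keys irreversibly, so it is worth listing what would go before anything is deleted. The Go program below is an added example, not cert-prune's own code: it assumes certbot's standard live/, archive/, csr/ and keys/ layout, treats an archive file as unused when no live/ symlink resolves to it, and FindPrunable is a hypothetical name.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// FindPrunable is a read-only audit (hypothetical helper, assumed certbot
// layout): it returns archive files no live/ symlink points at, plus CSRs
// and keys older than maxAge. Nothing is deleted.
func FindPrunable(root string, maxAge time.Duration, now time.Time) (unused, stale []string, err error) {
	// Resolve root first so globbed archive paths compare equal to link targets.
	root, err = filepath.EvalSymlinks(root)
	if err != nil {
		return nil, nil, err
	}
	inUse := map[string]bool{}
	links, _ := filepath.Glob(filepath.Join(root, "live", "*", "*.pem"))
	for _, l := range links {
		target, err := filepath.EvalSymlinks(l)
		if err != nil {
			// A dangling live link means the tree is inconsistent: refuse to
			// guess rather than report a certificate in service as unused.
			return nil, nil, fmt.Errorf("unresolvable live link %s: %w", l, err)
		}
		inUse[target] = true
	}
	archived, _ := filepath.Glob(filepath.Join(root, "archive", "*", "*.pem"))
	for _, f := range archived {
		if !inUse[f] {
			unused = append(unused, f)
		}
	}
	// CSRs and keys are judged on modification time only; files that cannot
	// be stat'd are left out of the report.
	csrs, _ := filepath.Glob(filepath.Join(root, "csr", "*.pem"))
	keys, _ := filepath.Glob(filepath.Join(root, "keys", "*.pem"))
	for _, f := range append(csrs, keys...) {
		if info, err := os.Stat(f); err == nil && now.Sub(info.ModTime()) > maxAge {
			stale = append(stale, f)
		}
	}
	return unused, stale, nil
}

func main() {
	unused, stale, err := FindPrunable("/etc/letsencrypt", 60*24*time.Hour, time.Now())
	fmt.Println(len(unused), "unused archive files,", len(stale), "stale CSRs/keys; error:", err)
}
```

Reading /etc/letsencrypt normally requires root, since the key files are not world-readable.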