I’ve finally gone live with sympl, retiring an olde symbiosis/bytemark/bigV machine this morning. A disgraceful delay but yay! 
So, a starter for 10. I’ve accumulated several thousand /srv/*/config/ssl/sets directories with expired certs. It would be handy to have automatic removal/rotation.
For now, testing one of the sites shows that manual deletion of the old sets doesn’t affect rollover [and the new set starts at ‘current’ target +1, not ‘0’].
Environment 
- Sympl Version [11]:
- Sympl Testing Version [no]
- Debian Version [bullseye]:
- Hardware Type [virtual]
- Hosted On [mythic-beasts]
I have exactly 8 sets in each domain, with the highest numbered typically in the range 20-30.
I’m fairly sure Sympl removes the older ones automatically, in a cron job somewhere.
Hey, thanks, I wasn’t expecting that. I can’t find the file carrying out the cleanup but if automagic doesn’t happen before or with the next rollover, I guess I could move ‘current’ files to sets/0 and try sympl-ssl --select 0.
You should be fine to just remove the non-current ones as it’ll look for the highest number and increment it - a future version of sympl-ssl will clean out old ones automatically, but generally you should be fine.
Thanks. I went down the copy current/* to set/0 and sympl-ssl --select 0 route before deleting the extraneous sets - to make it easier to keep track of updates. What I hadn’t realised is that the several thousand directories were largely a result of the certs getting updated every day for months on end under symbiosis. I’m surprised that rate-limiting didn’t kick in. Anyway, it’s behaving as expected now and Let’s Encrypt don’t seem to have missed me. 