replace certbot log rotation with logrotate

logrotate.conf

@@ -0,0 +1,38 @@
+# see "man logrotate" for details
+# rotate log files daily
+daily
+
+# keep 10 days worth of backlogs
+rotate 10
+
+# restrict maximum size of log files
+#size 20M
+
+# create new (empty) log files after rotating old ones
+create
+
+# uncomment this if you want your log files compressed
+#compress
+
+# Logs are moved into directory for rotation
+# olddir /var/log/archive
+
+# Ignore pacman saved files
+tabooext + .pacorig .pacnew .pacsave
+
+# Arch packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+/var/log/wtmp {
+    monthly
+    create 0664 root utmp
+    minsize 1M
+    rotate 1
+}
+
+/var/log/btmp {
+    missingok
+    monthly
+    create 0600 root utmp
+    rotate 1
+}

logrotate.d/letsencrypt

@@ -0,0 +1,4 @@
+/var/log/letsencrypt/*.log {
+    missingok
+    nocreate
+}

systemd/system/certbot-renew.service.d/local.conf

@@ -2,7 +2,7 @@
 CapabilityBoundingSet=
 CPUSchedulingPolicy=batch
 ExecStart=
-ExecStart=/usr/bin/certbot -q renew --no-random-sleep-on-renew
+ExecStart=/usr/bin/certbot -q renew --no-random-sleep-on-renew --max-log-backups 0
 LockPersonality=true
 MemoryDenyWriteExecute=true
 PrivateDevices=true