Let's Encrypt: Remove certificate with certbot on Linux servers
Removing Let's Encrypt certificates no longer needed from certbot
Let's Encrypt have enabled all website owners to run their website more secure, by offering free certificates and certbot is their tool to easy add, manage and remove certificates
Check installed certs
Logon the server, where you have the certificate installed and run below snippet
[snippet]sudo certbot certificates[/snippet]
This will list all certificates you have on your server
[snippet]Found the following certs:
Certificate Name: bonty.net
Serial Number: 4509645************
Key Type: RSA
Domains: www.bonty.net bonty.net
Expiry Date: 2023-03-03 16:13:42+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/bonty.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/bonty.net/privkey.pem
Certificate Name: collectorshub.net
Serial Number: 3a12************
Key Type: RSA
Domains: www.collectorshub.net collectorshub.net
Expiry Date: 2022-12-02 01:12:25+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/collectorshub.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/collectorshub.net/privkey.pem
Certificate Name: worksheet.bonty.net
Serial Number: 462c0c************
Key Type: RSA
Domains: worksheet.bonty.net
Expiry Date: 2022-12-11 01:10:05+00:00 (VALID: 7 days)
Certificate Path: /etc/letsencrypt/live/worksheet.bonty.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/worksheet.bonty.net/privkey.pem
[/snippet]
It will also list when it expires and folder path to the certificates
Removing certificates
Certbot allows you to remove certificates, using below command
[snippet]sudo certbot delete[/snippet]
After command is run, you'll be asked what certificate to remove. Just enter the number of the certificate you want removed and press enter
[snippet]Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: bonty.net
2: collectorshub.net
3: worksheet.bonty.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):[/snippet]
After you have enter number of the certificate you want to remove, you'll be asked to confirm your decision
[snippet]The following certificate(s) are selected for deletion:
* collectorshub.net
Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:[/snippet]
After you confirm, certbot will confirm that files have been removed
[snippet]Deleted all files relating to certificate collectorshub.net.[/snippet]
My cert is not listed
If you already know what cert you want to remove and it for some reason doesn't get listed, it's also possible to directly specify the certificate you want to remove
[snippet]sudo certbot delete --cert-name example.com[/snippet]
Just replace example.com with your actual domain and certbot will try to remove the certificate
Tags: #LetsEncrypt #Certbot #Linux
