Delete old domains Certbot certificates (Let's Encrypt Certificate)

A simple tutorial addressed administratorweb servers that want to delete from Certbot certificates SSL of domains that are no longer hosted on the server. Delete old domains certbot certificates.

Certbot is an open-source software used by many administratorand system on CentOS / RHEL for certificate management HTTPS / TLS / SSL Let's Encrypt.

oPERATION certbot is done by command lines executed directly in the webserver (SSH or console connection), and to install a certificate it is sufficient for the domain / subdomains to be hosted on that server and to be active on the internet on the server's IP. After executing the command "certbot”Will list numerically all the domains hosted on the server for which we can install a Let's Encrypt certificate. We type with space between them the numbers corresponding to each domain name for which the certificate will be installed SSL.

Delete old domains certbot certificates
Certbot Domains

A small problem is when a domain that had the certificate installed through was deleted from the webserver Certbot. It will be further listed on the order by which we verify the validity period of the certificates SSL for all areas. If there have been multiple domains on the server over time, it will be quite difficult to track the certificate list. certbot.

certbot certificates

It would be best if only the active domains remain in the certificate list.

Delete old domains Certbot certificates - How To

Normally, before deleting a domain or subdomain from the webserver, it must first revoke and delete the Let's Encrypt certificate. We execute the order "certbot"To display the numeric list of active domains, then the command"certbot delete number number"To delete the certificate SSL. Remove old domains certbot certificates.

If we did not do this before deleting the domain from the webserver, it will remain in the list of certificates certbot. certbot certificates.

Data about domains that have been enabled in the past with certbot are kept in three places severely. Custom made "certbot certificates"These areas, even if they are no longer severely present, will be listed below.


We execute the command in the webserver “ls -all /etc/letsencrypt/live”To see the domains present in Let's Encrypt.

We identify the domains we want to delete, either from the list displayed in the order above or from "certbot certificates", Then we execute the following command:

certbot delete --cert-name olddomain.tld

We confirm with “Y”Delete the domain from the certificate list Certbot.

[root@buffy ~]# certbot delete --cert-name olddomain.tld
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * olddomain.tld

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Deleted all files relating to certificate olddomain.tld.
[root@buffy ~]# 

certificates SSL will be deleted (Delete old domains certbot certificates) of Certbot both for the domain name and for its subdomains, if they used the same certificate.

  Certificate Name: olddomain.tld
    Serial Number: 3fd34e0e3304521371abe948
    Key Type: RSA
    Domains: www.olddomain.tld olddomain.tld
    Expiry Date: 2022-02-09 09:46:12+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/olddomain.tld/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/olddomain.tld/privkey.pem

There are also scenarios in which we can use certificates SSL different for the domain and some subdomains. Especially when besides Certbot we use combined administrator DNS yes SSL Cloudflare service.

Passionate about technology, I enjoy writing on since 2006. I have a rich experience in operating systems: macOS, Windows, and Linux, as well as in programming languages and blogging platforms (WordPress) and for online stores (WooCommerce, Magento, PrestaShop).

How to » Linux » Delete old domains Certbot certificates (Let's Encrypt Certificate)
Leave a Comment