A simple tutorial for web server administrators who want to delete from Certbot the SSL certificates of domains that are no longer hosted on the server.
Certbot is open-source software used by many system administrators on CentOS / RHEL to manage Let's Encrypt HTTPS / TLS / SSL certificates.
Certbot is operated through commands run directly on the web server (over SSH or a console connection). To install a certificate, it is sufficient for the domain / subdomains to be hosted on that server and to be active on the internet on the server's IP. After we execute the command "certbot", it lists by number all the domains hosted on the server for which we can install a Let's Encrypt certificate. We type the numbers corresponding to each domain name for which the SSL certificate will be installed, separated by spaces.
A small problem arises when a domain whose certificate was installed through Certbot has been deleted from the web server. It will still be listed by the command we use to check the validity period of the SSL certificates for all domains:
certbot certificates
If there have been many domains on the server over time, the certificate list becomes quite difficult to follow.
It would be best if only the active domains remain in the certificate list.
Delete old domains Certbot certificates - How To
Normally, before a domain or subdomain is deleted from the web server, its Let's Encrypt certificate must first be revoked and deleted. We execute the command "certbot" to display the numeric list of active domains, then the command "certbot delete number number" to delete the SSL certificate.
If we did not do this before deleting the domain from the web server, it will remain in the list of certificates shown by "certbot certificates".
Data about domains that were enabled with certbot in the past is kept in three places on the server. When "certbot certificates" is run, these domains are still listed, even if they are no longer present on the server.
/etc/letsencrypt/live
/etc/letsencrypt/renewal
/etc/letsencrypt/archive
On the web server, we execute the command "ls -all /etc/letsencrypt/live" to see the domains present in Let's Encrypt.
We identify the domains we want to delete, either from the list displayed by the command above or from "certbot certificates", then we execute the following command:
certbot delete --cert-name olddomain.tld
We confirm with "Y" to delete the domain from the Certbot certificate list.
[root@buffy ~]# certbot delete --cert-name olddomain.tld
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:
* olddomain.tld
Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Deleted all files relating to certificate olddomain.tld.
[root@buffy ~]#
The Certbot SSL certificates will be deleted both for the domain name and for its subdomains, if they used the same certificate.
Certificate Name: olddomain.tld
Serial Number: 3fd34e0e3304521371abe948
Key Type: RSA
Domains: www.olddomain.tld olddomain.tld
Expiry Date: 2022-02-09 09:46:12+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/olddomain.tld/fullchain.pem
Private Key Path: /etc/letsencrypt/live/olddomain.tld/privkey.pem
There are also scenarios in which we use different SSL certificates for the domain and for some of its subdomains, especially when, besides Certbot, we also use Cloudflare's combined DNS management and SSL service.
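The cleanup check described above, as an added example that is not part of the original tutorial: a read-only shell script that picks the expired certificates out of "certbot certificates" output and reports which of the three /etc/letsencrypt locations still hold files for them. The function names are hypothetical, the sample output and activedomain.tld are constructed, and the script assumes the renewal entry is stored as renewal/NAME.conf.

```shell
#!/bin/sh
# Added example: report stale Certbot certificates. It only reads, never deletes.

# Read "certbot certificates" output on stdin and print the name of every
# certificate whose Expiry Date line is flagged "INVALID: EXPIRED".
expired_cert_names() {
    awk '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ && /INVALID: EXPIRED/ { print name }
    '
}

# Print which of the three per-certificate locations still exist for a name.
# $1 = certificate name, $2 = base directory (default /etc/letsencrypt).
# Assumption: the renewal entry is the file renewal/NAME.conf.
leftover_paths() {
    base=${2:-/etc/letsencrypt}
    for p in "$base/live/$1" "$base/archive/$1" "$base/renewal/$1.conf"; do
        if [ -e "$p" ]; then
            echo "$p"
        fi
    done
}

# Constructed sample in the format of "certbot certificates"
# (activedomain.tld and its expiry date are made up for the example).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: olddomain.tld
    Domains: www.olddomain.tld olddomain.tld
    Expiry Date: 2022-02-09 09:46:12+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/olddomain.tld/fullchain.pem
  Certificate Name: activedomain.tld
    Domains: activedomain.tld
    Expiry Date: 2031-01-01 00:00:00+00:00 (VALID: 60 days)
    Certificate Path: /etc/letsencrypt/live/activedomain.tld/fullchain.pem
EOF
}

# On a real server: certbot certificates 2>/dev/null | expired_cert_names
for name in $(sample_output | expired_cert_names); do
    echo "candidate: certbot delete --cert-name $name"
    leftover_paths "$name"
done
```

Each reported path under live and archive belongs to a certificate whose private key is still on disk. "certbot delete" removes only these local files; revoking a certificate is the separate "certbot revoke" command.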