How to Delete Let’s Encrypt SSL Certificates

This post shows students and new users steps to delete Let’s Encrypt certificates created using Certbot. Certbot is a command-line tool that simplifies the process for obtaining and renewing Let’s Encrypt SSL certificates.

With Certbot, one can create, renew, revoke and delete Let’s Encrypt SSL certificates easily using the command line.

By default, Let’s Encrypt will store all the client certificates in the following folders:

  • /etc/letsencrypt/live
  • /etc/letsencrypt/renewal
  • /etc/letsencrypt/archive

When a new certificate is issued, it is store in the /etc/letsencrypt/live directory. The archive folder stores copies of the live certificates.

If you no longer need a certificate or if the certificate has been compromise, you revoke and issue a new request.

Below is how to revoke a certificate.

How to revoke a Let’s Encrypt certificate on Ubuntu Linux

How to delete Let’s Encrypt SSL certificates on Ubuntu Linux

As mentioned above, Certbot is a command-line tool that simplifies the process for obtaining and renewing Let’s Encrypt SSL certificates.

When you revoke a Let’s Encrypt SSL certificate, remnant of the certificate may still be on the server. To completely get rid of certificates you no longer going to use, you should use Certbot to delete it.

Below is how to do that.

First, sign into the server and open the command terminal. Then run the commands below for the domain you wish to delete its SSL certificate.

sudo certbot delete --cert-name example.com

Replace example.com with the actual domain name.

If you do not reference the domain name and simply run the commands below, it will list all the domains registered on the server.

sudo certbot delete

Then select the one from the list to delete.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
2: example1.net
3: example2.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1

Select the domain next to the number you wish to delete and press ENTER.

That should do it!

Related post:

Conclusion:

This post showed you how to delete a Let’s Encrypt SSL certificate using Certbot on Ubuntu Linux. If you find any error above or have something to add, please use the comment form below.

Leave a Comment

Your email address will not be published.