This brief tutorial shows students and new users how to revoke Let’s Encrypt SSL/TLS certificates as well as how to completely remove Let’s Encrypt | Certbot packages and directories.
There are many reasons why you’d want to revoke a SSL/TLS certificate.
One primary reason is if you find out that the corresponding private key to the public certificate is no longer safe, in which case you will want to revoke the certificate and request a new one.
Or if you no longer need to use a particular certificate, you can either let it run until it’s expired or revoke it.
We recently revoked our Let’s Encrypt certificates because of our migration to Google Compute Load Balancer / Cloud CDN.
Before we migrated, we handled all our Let’s Encrypt SSL certificates, including automatic renewal requests. Since GCP load balancer provides and manages Let’s Encrypt SSL/TLS certificates for hosts, there were no reason to manage ours anymore.
So we revoke all our certificates and transferred the certificate requests and management to Google.
When you want to learn how to revoke Let’s Encrypt SSL/TLS certificates, follow the steps below:
Step 1: Validate Certificate file
Before you revoke a certificate, you’ll want to validate that the correct certificates and key file you’re revoking. since there is no reversal. Once a certificate is revoked, it will never be used again.
When you revoke a certificate, the certificate authority publishes that revocation information through the Online Certificate Status Protocol (OCSP), and some browsers will check OCSP to see whether they should trust a certificate.
Step 2: Revoke a Certificate for example.com
Now that you know the certificate you want to revoke, simply run the command below to revoke a certificate for the domain example.com
certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem --key-path /etc/letsencrypt/live/example.com/key.pem
Let’s Encrypt typically stores its certificates and corresponding key in the /etc/letsencrypt/live/example.com/ directory. Replacing example.com with the domain name you issued for the certificate.
When you run the command above, you’ll also get prompted whether to also remove the directory and folders of the certificate. most cases, you’ll want to type y for yes.
Step 3: Uninstall Let’s Encrypt | Certbot
If you don’t want to use Let’s Encrypt of Certbot to manage your certificates, you can completely remove or purge the app and packages from your system. To do that, simply run the commands below:
sudo apt update sudo apt purge letsencrypt && sudo apt purge certbot
When you run the commands above, you’ll be prompted to confirm that you want to remove listed packages. Choose yes.
Finally, run the commands below to remove Let’s encrypt directories.
sudo rm -rf /etc/letsencrypt
That should do it!
You have learned how to revoke Let’s Encrypt certificates as well as uninstall and remove packages and directories installed by Let’s encrypt packages. If you do find issues with the steps above, please comment below:
You may also like the post below: