How to totally remove a certbot-created SSL certificate?

Question

I use Ubuntu 16.04 with Nginx and I've installed Nginx Certbot on my operating system (Ubuntu 16.04) with:

apt-get update -y
add-apt-repository ppa:certbot/certbot -y
apt-get update -y
apt-get upgrade python-certbot-nginx -y

I setted Nginx variables:

s_a="/etc/nginx/sites-available"
s_e="/etc/nginx/sites-available"

I created an app conf based on these variables:

sed "s/\${domain}/${1}/g" "~/${repo}/template_nginx_app" > "${s_a}/${domain}.conf"
ln -sf ${s_a}/${domain}.conf ${s_e}

I created a correspondent SSL certificate with Certbot based on the app conf, this way:

certbot --nginx -d ${domain} -d www.${domain}

There are cases an SSL certificate is created in a bad way and one just need to start over after some configurations.

How could I totally remove the SSL certificate (besides removing the app conf ${domain}.conf which was also edited/reconfigured by Certbot) ?

Is there a fast way to do that directly from Certbot? My desire is that no remnants whatsoever would left for both app conf and certificate.

This might be the good way:

rm ${s_a}/${domain}.conf && rm ${s_e}/${domain}.conf
rm -rf /etc/letsencrypt/{live,renewal,archive}/{${DOMAIN},${DOMAIN}.conf}

I would delete the VM and start over. Not strictly necessary, but the cleanest as it forces you to have correct install scripts. — John Mahowald, Feb 11 '18 at 20:30
@JohnMahowaldor better yet, nuke it from orbit, it's the only way to be sure. — crobar, Jun 08 '22 at 20:18

score 50 · Answer 1 · answered Feb 09 '19 at 22:31

50

Yes, certbot can help you clean up.

sudo certbot certificates

will list what certbot thinks you have installed

sudo certbot delete

will allow you to interactively remove and clean up unwanted / deprecated domains.

answered Feb 09 '19 at 22:31

Centurion

611
5
6

after run, all of encrypt error did u know , i cant create a new cert . from apache to nginx . ```The nginx plugin is not working; there may be problems with your existing configuration. The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] cannot load certificate "/etc/letsencrypt/live/``` after delete the cert – Yogi Arif Widodo Aug 19 '22 at 11:48
please more guide how to solve because in my conf there is no point to load the file but the error is always on appears :( – Yogi Arif Widodo Aug 19 '22 at 12:05

score 3 · Answer 2 · answered May 25 '21 at 12:19

If you are running apache2 you will also want to remove the certbot references from the conf file otherwise certbot will get confused when you add a new certificate.

sudo certbot delete

then

emacs /etc/apache2/sites-enabled/000-default-le-ssl.conf

Remove these lines

Include /etc/letsencrypt/options-ssl-apache.conf 
ServerName example.com 
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem 
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

score 3 · Answer 3 · answered Oct 21 '21 at 17:16

3

Get the certificate's name that will delete

sudo certbot certificates

Delete only one certificate by the name

sudo certbot delete --cert-name server.domain.tld

answered Oct 21 '21 at 17:16

user15897086

31
1

How to totally remove a certbot-created SSL certificate?

3 Answers3