A simple tutorial for web server administrators who want to delete from Certbot the SSL certificates of domains that are no longer hosted on the server.
Certbot is open-source software used by many CentOS / RHEL system administrators to manage Let's Encrypt HTTPS / TLS / SSL certificates.
Certbot is operated through commands executed directly on the web server (over an SSH or console connection). To install a certificate, it is sufficient for the domain or subdomains to be hosted on that server and to be active on the Internet on the server's IP. After the command “certbot” is executed, all the domains hosted on the server for which we can install a Let's Encrypt certificate are listed. We type, separated by spaces, the numbers corresponding to each domain name for which the SSL certificate will be installed.

A small problem arises when a domain that had a certificate installed by Certbot has been deleted from the web server. It will continue to be listed by the command we use to check the validity period of the SSL certificates for all domains. If there have been several domains on the server over time, it becomes quite difficult to follow the list of Certbot certificates.
certbot certificates
It would be best if only the active domains remained in the list of certificates.
Delete old domains Certbot certificates – How To
Normally, before we delete a domain or subdomain from the web server, its Let's Encrypt certificate must be revoked and deleted. We execute the command “certbot” to display the numbered list of active domains, then the command “certbot delete number number” to delete the SSL certificate.
If we did not do this before deleting the domain from the web server, it will remain in the list of certificates shown by “certbot certificates”.
Data on the domains that are active, and on those that were activated in the past with Certbot, is kept in three places on the server. When we run “certbot certificates”, these domains will continue to be listed even if they are no longer present on the server.
/etc/letsencrypt/live
/etc/letsencrypt/renewal
/etc/letsencrypt/archive
On the web server we execute the command “ls -all /etc/letsencrypt/live” to see the domains present in Let's Encrypt.
We identify the domains we want to delete, either from the list displayed by the above command or from “certbot certificates”, then we execute the following command:
certbot delete --cert-name olddomain.tld
We confirm with “Y” to delete the domain from the list of Certbot certificates.
[root@buffy ~]# certbot delete --cert-name olddomain.tld
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:
* olddomain.tld
Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Deleted all files relating to certificate olddomain.tld.
[root@buffy ~]#
The SSL certificates will be deleted from Certbot for both the domain name and its subdomains, if they used the same certificate.
Certificate Name: olddomain.tld
Serial Number: 3fd34e0e3304521371abe948
Key Type: RSA
Domains: www.olddomain.tld olddomain.tld
Expiry Date: 2022-02-09 09:46:12+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/olddomain.tld/fullchain.pem
Private Key Path: /etc/letsencrypt/live/olddomain.tld/privkey.pem
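As an added example (not part of the original article), the shell script below compares the certificate names found in the three directories listed above with a list of domains that are still hosted, and prints the “certbot delete --cert-name” command for the names that are no longer hosted. The hosted-domain list file and the sample names example.tld and halfgone.tld are assumptions of this example; the script only prints commands and deletes nothing under /etc/letsencrypt.

```shell
# Added example (not from the article). The live/, renewal/ and archive/
# layout is from the article; the hosted-domain list file is an assumption.

# Print every certificate name found in any of the three locations.
lineage_names() {
    for p in "$1"/live/*/ "$1"/archive/*/ "$1"/renewal/*.conf; do
        [ -e "$p" ] || continue
        case $p in */) basename "$p" ;; *) basename "$p" .conf ;; esac
    done | sort -u
}

# One line per name: where it still exists and whether it is still hosted.
# $1 = Let's Encrypt directory, $2 = file with one hosted domain per line.
audit_lineages() {
    lineage_names "$1" | while IFS= read -r name; do
        l=n; r=n; a=n; h=n
        [ -d "$1/live/$name" ] && l=y
        [ -f "$1/renewal/$name.conf" ] && r=y
        [ -d "$1/archive/$name" ] && a=y
        grep -qxF -- "$name" "$2" && h=y
        echo "$name live=$l renewal=$r archive=$a hosted=$h"
    done
}

# Print the article's delete command for complete, no-longer-hosted names;
# names missing from one of the three places are flagged for manual review.
delete_commands() {
    audit_lineages "$1" "$2" | while read -r name l r a h; do
        [ "$h" = hosted=n ] || continue
        if [ "$l $r $a" = "live=y renewal=y archive=y" ]; then
            echo "certbot delete --cert-name $name"
        else
            echo "# $name: incomplete entry, review manually ($l $r $a)"
        fi
    done
}

# Constructed sample tree (not real data) so the script runs offline.
t=$(mktemp -d)
mkdir -p "$t/renewal" "$t/live/example.tld" "$t/archive/example.tld" \
    "$t/live/olddomain.tld" "$t/archive/olddomain.tld" "$t/archive/halfgone.tld"
touch "$t/renewal/example.tld.conf" "$t/renewal/olddomain.tld.conf"
echo example.tld > "$t/hosted.txt"
audit_lineages "$t" "$t/hosted.txt"
delete_commands "$t" "$t/hosted.txt"
rm -rf "$t"
```

On a real server, pass /etc/letsencrypt and your own hosted-domain file to delete_commands in place of the constructed tree, and review the printed commands before running them.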
There are also scenarios in which we can use different SSL certificates for the domain and for some of its subdomains, especially when, in addition to Certbot, we also use Cloudflare's combined DNS and SSL manager.