I Normally we will let issues certificate to expire as per timeline but sometimes we might have to revoke or delete the SSL certificate. Please follow below steps to do so.
Checking where files are stored.
Let us go to/etc/letsencrypt
and you will find following folder structure
/etc/letsencrypt$ ls -la
total 56
drwxr-xr-x 9 root root 4096 Aug 19 17:12 .
drwxr-xr-x 99 root root 4096 Aug 15 06:39 ..
drwx------ 4 root root 4096 May 1 12:24 accounts
drwx------ 8 root root 4096 Aug 19 12:27 archive
-rw-r--r-- 1 root root 121 Mar 21 10:24 cli.ini
drwxr-xr-x 2 root root 4096 Aug 19 12:27 csr
drwx------ 2 root root 4096 Aug 19 12:27 keys
drwx------ 8 root root 4096 Aug 19 12:27 live
-rw-r--r-- 1 root root 1143 May 1 11:50 options-ssl-nginx.conf
drwxr-xr-x 2 root root 4096 Aug 19 12:27 renewal
drwxr-xr-x 5 root root 4096 May 1 11:50 renewal-hooks
-rw-r--r-- 1 root root 424 May 1 11:50 ssl-dhparams.pem
-rw-r--r-- 1 root root 64 May 1 11:50 .updated-options-ssl-nginx-conf-digest.txt
-rw-r--r-- 1 root root 64 May 1 11:50 .updated-ssl-dhparams-pem-digest.txt
I tried to access account and archive folder but it did not let me
/etc/letsencrypt$ cd accounts/
-bash: cd: accounts/: Permission denied
Let us find where required domains are stored
/etc/letsencrypt$ sudo find /etc/letsencrypt/ -name "*techtrekking*"
/etc/letsencrypt/archive/techtrekking.net
/etc/letsencrypt/live/techtrekking.net
/etc/letsencrypt/renewal/techtrekking.net.conf
Deleting the required certificate
sudo certbot delete
is the simple command to delete certificates.
/etc/letsencrypt$ sudo certbot delete
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which certificate(s) would you like to delete?
-------------------------------------------------------------------------------
1: mydomain.com
2: mydomain.com
3: mydomain.me
4: techtrekking.net
5: mydomain.com
6: mydomain.me
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 4
-------------------------------------------------------------------------------
Deleted all files relating to certificate techtrekking.net. -------------------------------------------------------------------------------
How to renew letsencrypt certificate manually
Is the simpler that i thought. simply run command sudo certbot renew
and it will renew whichever certificate is due for renewal. For others, you will get message that that domain is not due for renewal yet.
/etc/letsencrypt$ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.me.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.me.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/mydomain.com/fullchain.pem expires on 2018-09-28 (skipped)
/etc/letsencrypt/live/mydomain.me/fullchain.pem expires on 2018-11-09 (skipped)
/etc/letsencrypt/live/techtrekking.net/fullchain.pem expires on 2018-09-28 (skipped)
/etc/letsencrypt/live/mydomain.com/fullchain.pem expires on 2018-11-17 (skipped)
/etc/letsencrypt/live/mydomain.me/fullchain.pem expires on 2018-11-09 (skipped)
No renewals were attempted.