How to delete or renew a Let's Encrypt certificate

Normally we let an issued certificate expire on schedule, but sometimes we might have to revoke or delete the SSL certificate. Follow the steps below to do so.

Checking where files are stored.

Go to /etc/letsencrypt and you will find the following folder structure:

/etc/letsencrypt$ ls -la
total 56
drwxr-xr-x  9 root root 4096 Aug 19 17:12 .
drwxr-xr-x 99 root root 4096 Aug 15 06:39 ..
drwx------  4 root root 4096 May  1 12:24 accounts
drwx------  8 root root 4096 Aug 19 12:27 archive
-rw-r--r--  1 root root  121 Mar 21 10:24 cli.ini
drwxr-xr-x  2 root root 4096 Aug 19 12:27 csr
drwx------  2 root root 4096 Aug 19 12:27 keys
drwx------  8 root root 4096 Aug 19 12:27 live
-rw-r--r--  1 root root 1143 May  1 11:50 options-ssl-nginx.conf
drwxr-xr-x  2 root root 4096 Aug 19 12:27 renewal
drwxr-xr-x  5 root root 4096 May  1 11:50 renewal-hooks
-rw-r--r--  1 root root  424 May  1 11:50 ssl-dhparams.pem
-rw-r--r--  1 root root   64 May  1 11:50 .updated-options-ssl-nginx-conf-digest.txt
-rw-r--r--  1 root root   64 May  1 11:50 .updated-ssl-dhparams-pem-digest.txt

I tried to access the accounts and archive folders, but it did not let me:

/etc/letsencrypt$ cd accounts/
-bash: cd: accounts/: Permission denied

Let us find where the files for the required domain are stored:

/etc/letsencrypt$ sudo find /etc/letsencrypt/ -name "*techtrekking*"
/etc/letsencrypt/archive/techtrekking.net
/etc/letsencrypt/live/techtrekking.net
/etc/letsencrypt/renewal/techtrekking.net.conf

Deleting the required certificate

sudo certbot delete is the simple command to delete certificates.

/etc/letsencrypt$ sudo certbot delete 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
-------------------------------------------------------------------------------
1: mydomain.com
2: mydomain.com
3: mydomain.me
4: techtrekking.net
5: mydomain.com
6: mydomain.me
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 4

-------------------------------------------------------------------------------
Deleted all files relating to certificate techtrekking.net.
-------------------------------------------------------------------------------
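
Deleting a certificate removes its files under live/, archive/ and renewal/, so a web server configuration that still points at them will fail on its next reload. The pre-delete check below is an added example, not part of the original post; the function names, the /etc/nginx location and the sample configuration are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm that no server config still uses a certificate
# before deleting it. /etc/nginx is an assumed config location.

# Print each config line that references the certificate's live/ or archive/ files.
cert_references() {
    local name="$1" conf_dir="$2" le_dir="${3:-/etc/letsencrypt}"
    # -F matches fixed strings, so dots in the domain are not regex wildcards;
    # the trailing "/" stops "techtrekking.net" matching "techtrekking.net.au".
    grep -rnF -e "${le_dir}/live/${name}/" -e "${le_dir}/archive/${name}/" \
        "$conf_dir" 2>/dev/null
}

# Return 0 when nothing references the certificate, 1 otherwise.
safe_to_delete() {
    local name="$1" conf_dir="$2" le_dir="${3:-/etc/letsencrypt}" refs
    refs="$(cert_references "$name" "$conf_dir" "$le_dir")" || true
    if [ -n "$refs" ]; then
        printf 'Still referenced, update these before deleting %s:\n%s\n' \
            "$name" "$refs" >&2
        return 1
    fi
    return 0
}

# Constructed sample config tree, so the check can be tried without a real server.
make_sample_conf() {
    local dir
    dir="$(mktemp -d)"
    cat > "$dir/techtrekking.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name techtrekking.net;
    ssl_certificate     /etc/letsencrypt/live/techtrekking.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/techtrekking.net/privkey.pem;
}
EOF
    cat > "$dir/other.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name mydomain.me;
    ssl_certificate     /etc/letsencrypt/live/mydomain.me/fullchain.pem;
}
EOF
    printf '%s\n' "$dir"
}

# On a real host (as root):
#   safe_to_delete techtrekking.net /etc/nginx && certbot delete --cert-name techtrekking.net
```

Note that certbot delete only removes the local files and does not revoke the certificate; if the private key may have been exposed, run certbot revoke before deleting.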

How to renew a Let's Encrypt certificate manually

It is simpler than I thought. Simply run the command sudo certbot renew and it will renew whichever certificates are due for renewal. For the others, you will get a message that the domain is not due for renewal yet.

/etc/letsencrypt$ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.me.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mydomain.me.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/mydomain.com/fullchain.pem expires on 2018-09-28 (skipped)
  /etc/letsencrypt/live/mydomain.me/fullchain.pem expires on 2018-11-09 (skipped)
  /etc/letsencrypt/live/techtrekking.net/fullchain.pem expires on 2018-09-28 (skipped)
  /etc/letsencrypt/live/mydomain.com/fullchain.pem expires on 2018-11-17 (skipped)
  /etc/letsencrypt/live/mydomain.me/fullchain.pem expires on 2018-11-09 (skipped)
No renewals were attempted.
