Sometimes you need to remove a certificate managed by Certbot. Perhaps you no longer need the certificate, you want to replace it with a new one, or you are getting the error “Nginx 403 Forbidden” when opening your website after installing the SSL certificate. Whatever the reason, removing a certificate from Certbot is a straightforward process.
In this article, we will discuss how to remove a certificate managed by Certbot in a step-by-step manner.
Secure Socket Layer (SSL) certificates are an essential part of any website that wants to ensure secure communication with its users. Certbot is a widely used tool for managing SSL certificates on Linux servers.
It is an open-source tool that automates the process of obtaining, renewing, and revoking SSL certificates.
Steps to Remove Certbot Certificate
For this tutorial, we are using CentOS 8, but you can use this method for any Linux distribution, such as Red Hat Linux, Ubuntu, etc.
1. Certbot List All Certificates
The first step is to list all the certificates managed by Certbot. To do this, open a terminal or command prompt window on your server and run the following command:
sudo certbot certificates
Below is the sample output of the command.
[opc@cent8 ~]$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: yourwebsite.com
Serial Number: 3026908a2adacbd3a3fd8584b99b7878965
Key Type: RSA
Domains: yourwebsite.com www.yourwebsite.com
Expiry Date: 2023-05-10 00:55:09+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/yourwebsite.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/yourwebsite.com/privkey.pem
2. Identify the Certificate
Identify the certificate you want to remove from the list. The certificate’s name is shown in the “Certificate Name” field of the output above. Note down the certificate’s name for the next step.
3. Remove the Certificate
To remove a certificate, use the Certbot command-line tool with the delete subcommand followed by the name of the certificate.
For example, to delete a certificate with the name yourwebsite.com, run the following command:
sudo certbot delete --cert-name yourwebsite.com
Below is the sample output of the command.
[opc@cent8 ~]$ sudo certbot delete --cert-name yourwebsite.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:
* yourwebsite.com
WARNING: Before continuing, ensure that the listed certificates are not being
used by any installed server software (e.g. Apache, nginx, mail servers).
Deleting a certificate that is still being used will cause the server software
to stop working. See https://certbot.org/deleting-certs for information on
deleting certificates safely.
Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:
(Y)es/(N)o:
(Y)es/(N)o: y
Deleted all files relating to certificate yourwebsite.com.
4. Check for Any References
After removing the SSL certificate, check for any references to it in your server’s configuration files. If you have other services running on your server that use the same certificate, such as Nginx or Apache, you may need to update their configuration files to remove the references to the deleted certificate.
Below is the output from a website configuration file, which you will need to update after removing the SSL certificate using the Certbot command.
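The reference check in this step can be scripted. The following is an added example, not part of the original article: find_cert_refs and make_sample_conf are hypothetical helper names, and the two Nginx files are constructed sample input. It lists every active configuration line that still points at the certificate's files.

```shell
#!/bin/sh
# Added example (not from the original article). find_cert_refs and
# make_sample_conf are hypothetical helper names, not Certbot commands.

# find_cert_refs CERT_NAME PATH...
# Prints file:line:text for each active (non-comment) config line that still
# points into Certbot's live/ or archive/ directory for CERT_NAME.
# Exit status: 0 if references remain, 1 if none were found.
find_cert_refs() {
    cert_name=$1; shift
    # -F: fixed strings, so dots in the name are literal. The trailing slash
    # keeps "yourwebsite.com" from matching "yourwebsite.com-0001".
    grep -rnHF -e "/etc/letsencrypt/live/${cert_name}/" \
               -e "/etc/letsencrypt/archive/${cert_name}/" "$@" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#'
}

# Constructed sample input: two Nginx server blocks written under DIR.
make_sample_conf() {
    mkdir -p "$1/conf.d"
    cat > "$1/conf.d/yourwebsite.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name yourwebsite.com www.yourwebsite.com;
    ssl_certificate /etc/letsencrypt/live/yourwebsite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourwebsite.com/privkey.pem;
    # ssl_trusted_certificate /etc/letsencrypt/live/yourwebsite.com/chain.pem;
}
EOF
    cat > "$1/conf.d/other.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name other.example;
    ssl_certificate /etc/letsencrypt/live/yourwebsite.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourwebsite.com-0001/privkey.pem;
}
EOF
}

# Demo against the constructed files. On a real server, pass /etc/nginx,
# /etc/httpd or /etc/apache2 instead of the temporary directory.
demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir"
if find_cert_refs yourwebsite.com "$demo_dir"; then
    echo "References remain: edit these lines before reloading the web server."
fi
rm -rf "$demo_dir"
```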
5. Verify web server
Once you have removed the SSL certificate entry from your website configuration, make sure to verify your webserver configuration.
For Nginx, you can run “nginx -t”, and for Apache, you can run “apachectl configtest”.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
6. Restart or reload your webserver
Once you have verified the configuration of your web server, restart or reload it.
Run the commands below that match your web server.
# For restarting Nginx
$ sudo systemctl restart nginx
# For restarting Apache (httpd on CentOS, apache2 on Ubuntu)
$ sudo systemctl restart httpd
$ sudo systemctl restart apache2
# For reloading Nginx Server
$ sudo systemctl reload nginx
# For reloading Apache (httpd on CentOS, apache2 on Ubuntu)
$ sudo systemctl reload httpd
$ sudo systemctl reload apache2
Conclusion
This is how you can remove the SSL certificate managed by Certbot with just a few commands. We hope you like this article “Certbot Remove Certificate”.
In case of any questions or concerns, please let us know through comments.