~150 sites, split over 7 certificates - how to plan for renewals?

For what it’s worth, deleting them (the local files) and revoking them are two different things.

certbot delete” doesn’t automatically revoke certificates. It just deletes some of the local files.

certbot revoke” doesn’t automatically delete any files, either.

Revoking them shouldn’t be necessary.

2 Likes

Hey @mnordhoff,

I completely understand!

To confirm, a few weeks before its due for renewal, I’m going to certbot revoke and then manually rm -rf site.tld (which I manually renamed this time), and then request a new certificate and be sure to feed it with the –cert-name site.tld flag

I appreciate all the help @sahsanu, @jmorahan - yesterday my team and I secured over 80 websites thanks to LE - I’ve been dreading it for months given our weird setup, but it could’ve have gone better! Cheers!

1 Like

You can use certbot delete for this (it will be sure to remove all of the relevant files in /etc/letsencrypt, including the configuration in /etc/letsencrypt/renewal).

1 Like

ah, I should combine revoke and delete? Awesome!

Thanks for the tip!

You generally don’t need to revoke certificates that haven’t suffered a private key compromise.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.