Cleaning up renewals Question

Hello, I'm cleaning up my Let's Encrypt SSL renewals for several sites. I am migrating my server, so I'm doing cleanup at the same time.

Can I safely delete the following:

/letsencrypt/csr (all files)
/letsencrypt/keys (all files)
/letsencrypt/archive/ (all previously last generated pem files for sites)

2 Likes

Do not delete all of the files from the /archive/ folder. The files in /live/ are symlinks to the most recent file in /archive/ and need to exist.

I would think you could delete any files in those folders that are more than 90 days old as they relate to expired certs. But, I am sure other volunteers will have better info about this. I mostly wanted to warn you away from deleting the entire /archive/.

6 Likes

Those can be deleted indeed.

I'm with @MikeMcQ, don't blindly delete this directory, as it also contains the certs currently in use.

Personally I'd say any expired certificate (i.e.: older than 90 days) isn't useful any longer and can also be deleted from the /archive/ directory. That said, I wouldn't bother: the files are small, just migrate the entire directory :stuck_out_tongue:

5 Likes
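The replies above say that the files in /live/ are symlinks into /archive/ and that only older, unreferenced files are candidates for removal. The following is an added example, not part of the original thread and not certbot's own tooling, that lists such candidates without deleting anything. It assumes the live/ and archive/ layout described above and GNU `readlink -f`, uses file modification time as a stand-in for certificate age, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example. Assumed layout (as described in the thread):
#   <dir>/live/<name>/*.pem  are symlinks into  <dir>/archive/<name>/
# list_in_use and list_stale are hypothetical names for this example.

# Print the resolved target of every symlink under live/.
list_in_use() {
    find "$1/live" -type l | while IFS= read -r link; do
        readlink -f "$link"
    done | sort -u
}

# Print archive .pem files that no live/ symlink points to AND that were
# last modified more than $2 days ago (default 90). Assumption: mtime is
# used as a proxy for certificate age. Nothing is deleted.
list_stale() {
    le_dir=$(cd "$1" && pwd -P) || return 1
    days=${2:-90}
    in_use=$(list_in_use "$le_dir")
    find "$le_dir/archive" -type f -name '*.pem' -mtime +"$days" | sort |
    while IFS= read -r f; do
        real=$(readlink -f "$f")
        # Keep anything a live/ symlink resolves to, however old it is.
        printf '%s\n' "$in_use" | grep -Fxq -- "$real" || printf '%s\n' "$f"
    done
}

# Usage: sh list_stale.sh /path/to/letsencrypt [days]
[ "$#" -eq 0 ] || list_stale "$@"
```

Review the printed list and keep a backup of the whole directory before removing anything from it.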

Makes sense... thanks!

4 Likes

A big thank you for asking first. Many people delete first and then come here and say their site is no longer secure. :slightly_smiling_face:

8 Likes

You might be able to get away with migrating only the renewal configuration files and hooks, but I would test a renewal after such a migration before purging your current data.

6 Likes

That wouldn't work without snakeoil certificates if service configurations using the certificates and keys would be migrated one-to-one too.

Also, never purge current data. Always keep backups.

6 Likes

True. If the migrated webserver configuration files reference existing certificates, you are stuck.

7 Likes
