Correct way to completely remove issued certificate(s) for a domain

Yes, a feature / verb to completely remove a domain from configuration is necessary.
Or, at least, documentation on how to do it manually in the correct order.


Hi, any progress on this?

By experiment, I found the following manual solution:

  • rm -rf /etc/letsencrypt/live/${DOMAIN}
  • rm /etc/letsencrypt/renewal/${DOMAIN}.conf

Until doing that, I was getting errors on renew for the dead domain.


We implemented it in a way that we store certs forever, so unfortunately I’m unable to provide more info on this.

Kind regards,

The reason for deleting cert:
For example, I began developing new version of site at
Then I need to issue cert for
Then, when development is ending, I switch domain to the directory of
And I need to expand certificate to
It confused me that I have got root cert with the test name.
Maybe the best way to do that is to define filename for’s certificate in command line, and set it to


I like the idea that we keep records of the certs we have generated - however I too have old certs I no longer wish to renew. I found that creating a new directory /etc/letsencrypt/renew_disabled and simply moving a domain’s renewal file from /etc/letsencrypt/renew into the new folder was enough for the certbot renew command not to action these domains.


Not sure if there’s an officially supported way of doing this, but I wanted to add that in addition to the /live and /renewal directories, there’s also a copy of the cert in /archive.

find /etc/letsencrypt/ -name "*mydomain*"


This worked for me, many thanks…

made a backup first though JIC,

sudo cp /etc/letsencrypt/ /etc/letsencrypt.backup -r

I deleted the ‘no longer needed domains’ in the three folders…

rm -rf /etc/letsencrypt/live/${DOMAIN}
rm -rf /etc/letsencrypt/renewal/${DOMAIN}.conf
rm -rf /etc/letsencrypt/archive/${DOMAIN}

Type “certbot delete” and choose the certificate to delete from the list. It removes files from live, archive and renewal directories.

Should this issue be closed now that there is a command to do it?


“certbot delete” is a good starting point, but it doesn’t remove the created apache vhost and settings.
So executing “service apache2 restart” will trigger an “AH00526: Syntax error”


It would be great also if we could just do certbot delete {$DOMAIN} – having to select from a numbered list and then input the number is a little clunky.

@JohnCC, you should already be able to do that with the --cert-name option. To find out the relevant cert name, you can run certbot certificates.


Thank you, sorry I missed that. That helps a lot!


thanks for the thread…I was wondering the same thing with a few certs that died off for me.

just to note, since I use certbot-auto on 1 of my servers, you can run this command using:

sudo ./certbot-auto delete

question I have now is - can I rename the .conf name in /archive, /live, & /renewal?


@erica, is there a way to reach rename_lineage in the cert manager from the CLI?

Rename has not yet launched, because we stalled on the complexity of renaming certs within the configuration files. Currently I would recommend deleting and recreating the certs with a new name.

thanks for the reply. it’s not that big of a deal to me…my new cert is just named something like mysite-0001.conf…I can wait until rename is available.

Thanks for solving my issue. You are great.

No effect?? certbot revoke --cert-path /etc/letsencrypt/live/MyDomain/fullchain.pem produced “Congratulations! You have successfully revoked the certificate that was located at …”, but it is confusing: no “deletion”, everything is still there when I check again with certbot certificates.

I need a real “delete”, to purge old certificates that are listed in certbot certificates… I do not see here an instruction or an objective “step-by-step” how-to for it.


That’s correct. “certbot revoke” doesn’t delete anything.

(And you don’t need to revoke a certificate before deleting it, unless the private key has been compromised, or you no longer control the domain(s).)

“certbot delete --cert-name MyDomain” can be used to delete a certificate’s files. (It doesn’t revoke it.)

Update: In newer versions of Certbot, “certbot revoke” can optionally delete the certificate files as well.

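The posts above name three places where a certificate's files live (live, archive and renewal), and the first manual recipe removed only two of them. As an added example that is not part of the thread or of Certbot, this read-only script lists what is still on disk for a certificate name and flags names present in only some of the three locations; the function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Read-only audit of a Certbot configuration directory (added example).
# Assumed layout, as named in the thread: live/<name>/, archive/<name>/,
# renewal/<name>.conf under one configuration directory.

# Print each artifact that still exists for one certificate name.
lineage_artifacts() {
    local config_dir="$1" name="$2" p
    for p in "$config_dir/live/$name" "$config_dir/archive/$name" \
             "$config_dir/renewal/$name.conf"; do
        if [ -e "$p" ] || [ -L "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# Print certificate names found in only some of the three locations,
# i.e. leftovers of a manual removal that missed a directory.
partial_lineages() {
    local config_dir="$1" p name count
    {
        for p in "$config_dir"/live/*/ "$config_dir"/archive/*/; do
            if [ -d "$p" ]; then basename "$p"; fi
        done
        for p in "$config_dir"/renewal/*.conf; do
            if [ -f "$p" ]; then basename "$p" .conf; fi
        done
    } | sort -u | while IFS= read -r name; do
        count=$(lineage_artifacts "$config_dir" "$name" | wc -l)
        if [ "$count" -lt 3 ]; then printf '%s\n' "$name"; fi
    done
}

# Constructed sample tree (not a real /etc/letsencrypt): "kept.example" is
# intact, "dead.example" had only live/ and renewal/ removed by hand.
build_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/live/kept.example" "$root/archive/kept.example" \
             "$root/archive/dead.example" "$root/renewal"
    : > "$root/renewal/kept.example.conf"
    printf '%s\n' "$root"
}

sample=$(build_sample_tree)
echo "Artifacts left for dead.example:"
lineage_artifacts "$sample" dead.example
echo "Partially removed certificate names:"
partial_lineages "$sample"
rm -rf "$sample"
```

Pointing the two functions at the real configuration directory instead of the sample tree only reads from it; nothing is deleted.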

Thanks @mnordhoff, certbot delete --cert-name MyDomain worked fine! And important to remember that “… don’t need to revoke a certificate before deleting”.

Well, let’s help to start a fast-guide.