Correct way to completely remove issued certificate(s) for a domain


we implemented in a way that we store certs forever so unfortunately I’m unable to provide more info in this.

Kind regards,

The reason for deleting cert:
For example, I began developing new version of site at
Then I need to issue cert for
Then, when development is ending, I switch domain to the directory of
And I need to expand certificate to
This is confused me that I have got root cert with the test name.
May be the best way to do that is to define filename for’s certificate in command line, and set it to


I like the idea that we keep records of the certs we have generated - however I too have old certs I no longer wish to renew. I found that creating a new directory /etc/letsencrypt/renew_disabled and simply moving a domains’s renewal file from /etc/letsencrypt/renew into the new folder was enough for the certbot renew command not to action these domains.

1 Like

Not sure if there’s an officially supported way of doing this, but I wanted to add that in additional to the /live and /renewal directories, there’s also a copy of the cert in /archive.

find /etc/letsencrypt/ -name "*mydomain*"


This worked for me, many thanks…

made a backup first though JIC,

sudo cp /etc/letsencrypt/ /etc/letsencrypt.backup -r

I deleted the ‘no longer needed domains’ in the three folders…

rm -rf /etc/letsencrypt/live/${DOMAIN}
rm -rf /etc/letsencrypt/renewal/${DOMAIN}.conf
rm -rf /etc/letsencrypt/archive/${DOMAIN}

Type “certbot delete” and choose the certificate to delete from the list. It removes files from live, archive and renewal directories.

Should this issue be closed now that there is a command to do it?


“certbot delete” is a good starting point, but it doesn’t remove the created apache vhost and settings.
So executing “service apache2 restart” will trigger a “AH00526: Syntax error”


It would be great also if we could just do certbot delete {$DOMAIN} – having to select from a numbered list and then input the number is a little clunky.

@JohnCC, you should already be able to do that with the --cert-name option. To find out the relevant cert name, you can run certbot certificates.


Thank you, sorry I missed that. That helps a lot!


thanks for the thread…I was wondering the same thing with a few certs that died off for me.

just to note, since I use certbot-auto on 1 of my servers, you can run this command using:

sudo ./certbot-auto delete

question I have now is - can I rename the .conf name is /archive, /live, & /renewal?

1 Like

@erica, is there a way to reach rename_lineage in the cert manager from the CLI?

Rename has not yet launched, because we stalled on the complexity of renaming certs within the configuration files. Currently I would recommend deleting and recreating the certs with a new name.

thanks for the reply. it’s not that big of a deal to me…my new cert is just named something like mysite-0001.conf…I can wait until rename is available.

Thanks for solving my issue. You are great.

No effect?? certbot revoke --cert-path /etc/letsencrypt/live/MyDomain/fullchain.pem produced “Congratulations! You have successfully revoked the certificate that was located
at …”, but it is confuse, no “deletion”, all is there when I check again by certbot certificates.

I need a real “delete”, to purge old certificates that are listed in certbot certificates… not see here an instruction and objective “step-by-step” how-to for it.


That’s correct. “certbot revoke” doesn’t delete anything.

(And you don’t need to revoke a certificate before deleting it, unless the private key has been compromised, or you no longer control the domain(s).)

certbot delete --cert-name MyDomain” can be used to delete a certificate’s files. (It doesn’t revoke it.)

Update: In newer versions of Certbot, “certbot revokecan optionally delete the certificate files as well.


Thanks @mnordhoff, certbot delete --cert-name MyDomain worked fine! And important to remember that “… don’t need to revoke a certificate before deleting”.

Well, let’s help to start a fast-guide.


One problem is that you also receive a reminder email when the certificate expires after you delete the certificate. How do I cancel the mail subscription for this certificate while deleting the certificate?

1 Like

The email contains a link to PERMANENTLY unsubscribe YOUR ADDRESS from alerts for ALL CERTIFICATES, past and future.

It’s not possible to unsubscribe from alerts for only one certificate.

You’ll only get one or two more emails, and they’ll stop after the certificate has expired. Your best option is just to ignore them. :slightly_frowning_face: