No effect?? certbot revoke --cert-path /etc/letsencrypt/live/MyDomain/fullchain.pem produced “Congratulations! You have successfully revoked the certificate that was located at …”, but it is confusing: no “deletion”, everything is still there when I check again with certbot certificates.
I need a real “delete”, to purge old certificates that are listed in certbot certificates… I do not see here an instruction or an objective “step-by-step” how-to for it.
Thanks @mnordhoff, certbot delete --cert-name MyDomain worked fine! And it is important to remember that “… don’t need to revoke a certificate before deleting”.
One problem is that you also receive a reminder email when the certificate expires after you delete the certificate. How do I cancel the mail subscription for this certificate while deleting the certificate?
Note that certbot delete --cert-name MyDomain leaves Apache and also certbot --apache broken. That is, it does not remove/edit the Apache files after delete, leaving the Apache conf files referring to non-existing files, so restarting Apache or re-running certbot --apache will give you an error. Some manual work is required to get things back on track.
It would be nice if certbot delete would take care of that too (certbot renew is smart enough to know which method was used to create the certs and use the same one to renew; would be nice if delete could too).
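A check for the situation described above, as an added example that is not part of the thread and not certbot's own code: it lists Apache TLS directives that still point at files which no longer exist. The function names and the sample tree are constructed for illustration, and it assumes absolute, space-free paths in `*.conf` files.

```shell
# Report Apache TLS directives whose target file no longer exists, for
# example after `certbot delete`. Assumes absolute paths without spaces
# (the form certbot writes); relative paths are not resolved.
find_dangling_certs() {
    conf_dir=$1
    find "$conf_dir" -type f -name '*.conf' -exec awk '
        # Directive names are case-insensitive; commented lines do not match.
        tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
            p = $2; gsub(/"/, "", p)
            printf "%s\t%d\t%s\t%s\n", FILENAME, FNR, $1, p
        }' {} + |
    while IFS="$(printf '\t')" read -r file lineno directive path; do
        [ -e "$path" ] ||
            printf '%s:%s: %s -> %s (missing)\n' "$file" "$lineno" "$directive" "$path"
    done
}

# Constructed sample tree (not from the thread): kept.example still has its
# files, gone.example stands in for a deleted certificate.
build_demo() {
    d=$1
    mkdir -p "$d/sites" "$d/live/kept.example"
    : > "$d/live/kept.example/fullchain.pem"
    : > "$d/live/kept.example/privkey.pem"
    cat > "$d/sites/kept.conf" <<EOF
<VirtualHost *:443>
    SSLCertificateFile $d/live/kept.example/fullchain.pem
    SSLCertificateKeyFile $d/live/kept.example/privkey.pem
</VirtualHost>
EOF
    cat > "$d/sites/gone.conf" <<EOF
<VirtualHost *:443>
    # SSLCertificateFile /commented/out.pem
    SSLCertificateFile $d/live/gone.example/fullchain.pem
    SSLCertificateKeyFile "$d/live/gone.example/privkey.pem"
</VirtualHost>
EOF
}

demo=$(mktemp -d)
build_demo "$demo"
find_dangling_certs "$demo/sites"   # prints the two gone.example lines
rm -rf "$demo"
```

On a real host, point `find_dangling_certs` at the directory holding the virtual host files before restarting Apache, and follow up with `apachectl configtest`.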
Delete domains from a certificate
It is like redoing the “Create a certificate” task… So, do it by subtracting from the domain list the domain that you want to delete. Example: supposing, as in Scenario-1, that you have a certificate xxxx.org with domains {xxxx.org, aaaaa.com, aaaaa.org}, and suppose that you want to delete aaaaa.com.
All those are great ideas and I am thankful that I found this discussion. I learned a lot!
Altering Apache configs would certainly make it slicker, but altering them after certbot delete would be easy with sed. I just used an editor to make the changes since I was working in there anyway. Plus Apache will remind you what’s wrong if you forget. Not everyone puts their configs in the same spot as it might expect it on Ubuntu, like what I’m using; FreeBSD.
Awesome that there is a delete switch now. Thanks to whoever contributed it. I used it and it worked. Super easy! I really appreciate your effort! Letsencrypt and certbot have made something that used to be painfully tedious and expensive a real breeze.
Thank you all for this thread. I had a server where Apache crashed due to domain(s) that were missing at the time, whose certificates Letsencrypt tried to renew automatically. After reading the comments I made an archive of the letsencrypt folder /etc/letsencrypt/, then disabled the domain(s) via the Apache command “sudo a2dissite domain.ext.conf.conf”, and lastly used the command “sudo certbot delete” to remove the certificates from letsencrypt. Everything worked like a charm, and Apache hasn’t crashed afterwards.
Actually, this is incorrect. Let's Encrypt will not send you expiration reminders about revoked certificates.
This thread has been going for a number of years now, and I think the original question is fully resolved. I'm going to close this one now, but everyone feel free to open a new one if you have more questions.