Correct way to completely remove issued certificate(s) for a domain


thanks for the reply. it’s not that big of a deal to me…my new cert is just named something like mysite-0001.conf…I can wait until rename is available.


Thanks for solving my issue. You are great.


No effect?? certbot revoke --cert-path /etc/letsencrypt/live/MyDomain/fullchain.pem produced “Congratulations! You have successfully revoked the certificate that was located
at …”, but it is confuse, no “deletion”, all is there when I check again by certbot certificates.

I need a real “delete”, to purge old certificates that are listed in certbot certificates… not see here an instruction and objective “step-by-step” how-to for it.



That’s correct. “certbot revoke” doesn’t delete anything.

(And you don’t need to revoke a certificate before deleting it, unless the private key has been compromised, or you no longer control the domain(s).)

certbot delete --cert-name MyDomain” can be used to delete a certificate’s files. (It doesn’t revoke it.)


Thanks @mnordhoff, certbot delete --cert-name MyDomain worked fine! And important to remember that “… don’t need to revoke a certificate before deleting”.

Well, let’s help to start a fast-guide.


One problem is that you also receive a reminder email when the certificate expires after you delete the certificate. How do I cancel the mail subscription for this certificate while deleting the certificate?


The email contains a link to PERMANENTLY unsubscribe YOUR ADDRESS from alerts for ALL CERTIFICATES, past and future.

It’s not possible to unsubscribe from alerts for only one certificate.

You’ll only get one or two more emails, and they’ll stop after the certificate has expired. Your best option is just to ignore them. :slightly_frowning_face:


Note that certbot delete --cert-name MyDomain leaves Apache and also certbot --apache broken. That is, it does not remove/edit the Apache files after delete, leaving the apache conf files to refer to non-existing files, so restarting apache or re-running certbot --apache will give you an error. Some manual is required to get things back on track.

It would be nice if certbot delete would take care of that too (certbot renew is smart enough to know which method was used to create the certs and use the same one to renew; would be nice if delete could too).


make a feature request

that’s what that section is for :wink:

it’s highly unlinkely that a feature requrest on the end of a chain will be picked up


a one liner!

sudo rm -rf /etc/letsencrypt/{live,renewal,archive}/{${DOMAIN},${DOMAIN}.conf}