Delete unnecessary certificates?

Will this cause an issue? In layman's terms, "Do I need to delete past certificates of a domain, whether expired or not, for speed or some other reason?" Thank you for any help.

Also, just to clarify, these certificates were created when setting up my website multiple times on AWS (Lightsail, Apache on a Bitnami stack) due to having an issue where the certificate works with the DNS record holmesitsupport.com but not the actual static IP address, which AWS states in the documentation to use in order to verify that the certificate is indeed working correctly...

P.S. I apologize if this has been asked before and due to the nature of the question I feel like it must be somewhere but I cannot find a definitive answer. Thank you again.


Hi @jnholmes,

You cannot delete certificates from Certificate Transparency logs, which is what the crt.sh service (that your screenshot above comes from) uses.

Certificates naturally expire over time and get replaced with other new ("renewal") certificates. Even when you have several certificates active at once with the same or overlapping domain coverage, these are not considered to conflict or contradict each other, and each one will be independently valid and acceptable. There are legitimate reasons to have multiple certificates active at the same time, like when hosting the same service on multiple different servers.

In conclusion, you don't need to delete old or duplicative certificates, unless they are causing some kind of problem or confusion for you in the administration of your server.

Also note that deleting certificates (removing a copy of them from somewhere) is different from revoking them (asking the certificate authority to declare that they are no longer valid and should no longer be accepted). You also don't need to revoke old certificates, unless you have some knowledge that an unauthorized person had access to their private keys.


That said, it might be the case that one or more of these kinds of certificates are redundant and perhaps not even used. It's probably a good idea to "clean" your ACME client of unused certificates, which otherwise might automatically renew perpetually without even being used. That is of course wasteful with regard to resources spent by the ACME server.

With regard to your specific case it might be that your previous certificate for just holmesitsupport.com has been expanded when the www subdomain was added. In that case you'd only have a single certificate for holmesitsupport.com and www.holmesitsupport.com, which is fine. But you might have two. Probably a good idea to check your ACME client.

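One way to do the check suggested in the two replies above (which certificates are still valid, which ones duplicate each other's coverage, and which bare-name certificate was superseded by an "expanded" one) is to run it over the same crt.sh data the screenshot came from. The script below is an added example, not code from the thread; it embeds a constructed, hypothetical set of records for example.com in the shape of crt.sh's JSON output (fields trimmed to the ones used) so it runs offline. The `SAMPLE_AS_OF` date and the helper names are assumptions.

```python
"""Spot redundant, still-valid certificates in crt.sh-style CT data (added example)."""
from collections import defaultdict
from datetime import datetime
import json

# Constructed sample in the shape crt.sh returns for ?q=<domain>&output=json,
# trimmed to the fields used here. Hypothetical entries for example.com,
# not real log records.
SAMPLE_CRTSH_JSON = json.dumps([
    # an early cert for the bare name only, long expired
    {"id": 101, "serial_number": "01", "name_value": "example.com",
     "not_before": "2023-01-01T00:00:00", "not_after": "2023-04-01T00:00:00"},
    # one issuance logged twice: precertificate and final cert share a serial
    {"id": 102, "serial_number": "02", "name_value": "example.com\nwww.example.com",
     "not_before": "2023-03-20T00:00:00", "not_after": "2023-06-18T00:00:00"},
    {"id": 103, "serial_number": "02", "name_value": "example.com\nwww.example.com",
     "not_before": "2023-03-20T00:00:00", "not_after": "2023-06-18T00:00:00"},
    # a second, overlapping cert with identical coverage (e.g. from a re-run setup)
    {"id": 104, "serial_number": "03", "name_value": "example.com\nwww.example.com",
     "not_before": "2023-03-25T00:00:00", "not_after": "2023-06-23T00:00:00"},
    # a bare-name cert whose coverage is a strict subset of the ones above
    {"id": 105, "serial_number": "04", "name_value": "example.com",
     "not_before": "2023-03-28T00:00:00", "not_after": "2023-06-26T00:00:00"},
])

# Assumed "current" date for the sample data (the sample is fixed in 2023).
SAMPLE_AS_OF = datetime(2023, 4, 15)


def parse_crtsh(json_text):
    """Parse crt.sh JSON into one record per serial number.

    crt.sh lists a precertificate and its final certificate as separate rows,
    so collapsing on serial_number avoids counting one issuance twice.
    """
    by_serial = {}
    for row in json.loads(json_text):
        serial = row["serial_number"]
        if serial in by_serial:
            continue
        names = (n.strip().lower() for n in row["name_value"].split("\n"))
        by_serial[serial] = {
            "id": row["id"],
            "serial": serial,
            "names": frozenset(n for n in names if n),
            "not_before": datetime.fromisoformat(row["not_before"]),
            "not_after": datetime.fromisoformat(row["not_after"]),
        }
    return list(by_serial.values())


def active_at(records, when):
    """Certificates whose validity window contains `when`."""
    return [r for r in records if r["not_before"] <= when <= r["not_after"]]


def duplicate_coverage(records, when):
    """Map name-set -> serials for name sets with more than one active certificate."""
    groups = defaultdict(list)
    for r in active_at(records, when):
        groups[r["names"]].append(r["serial"])
    return {names: serials for names, serials in groups.items() if len(serials) > 1}


def subsumed(records, when):
    """Serials of active certs whose names are a strict subset of another active cert's.

    This is the "expanded certificate" case: once a cert covering both the bare
    name and www exists, a bare-name-only cert adds nothing unless a server
    is still configured to serve it.
    """
    live = active_at(records, when)
    out = [r["serial"] for r in live
           if any(r["names"] < other["names"] for other in live if other is not r)]
    return sorted(out)


if __name__ == "__main__":
    recs = parse_crtsh(SAMPLE_CRTSH_JSON)
    print("active:", sorted(r["serial"] for r in active_at(recs, SAMPLE_AS_OF)))
    for names, serials in duplicate_coverage(recs, SAMPLE_AS_OF).items():
        print("same coverage", sorted(names), "->", serials)
    print("subsumed:", subsumed(recs, SAMPLE_AS_OF))
```

A serial flagged by either check is a candidate for removal from the ACME client's renewal configuration, not for revocation: as the first reply says, an unused certificate that simply expires is harmless, and only a suspected private-key compromise warrants revoking it. Before deleting anything, confirm which certificate each server actually presents (for example with the `openssl s_client` connection check the ACME client's documentation describes) so a live certificate is not dropped by mistake.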
