For “manual” DNS-challenge: Can we delete the seemingly “non core” files in /etc/letsencrypt (besides the 4, core *.pem files) and still properly function?
Details:
The only two files you actually need for a TLS server are privkey.pem and fullchain.pem from /etc/letsencrypt/live/<domain>/.
Don’t directly reference anything inside /etc/letsencrypt/archive, that’s Certbot’s internal state.
If you discard the rest of /etc/letsencrypt/ every time you issue a certificate, it means you are losing all of the other state used by Certbot - such as your Let’s Encrypt ACME account. Sure, you can just register a new account every time you go through this process, but it’s mildly impolite and seems otherwise pointless. Why not just keep it around?
Account registration is also rate limited. If you issue certificates frequently, registering new accounts and discarding them every time, you could run into problems.
Does “properly function” include the ability to have Certbot renew the certificate? If so, then you also need /etc/letsencrypt/renewal and /etc/letsencrypt/accounts.
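The layout described in the replies above can be checked before and after a cleanup. This is an added example, not part of the original thread and not Certbot's own code: it reports whether a config directory can still serve TLS and still renew. The function names, the domain `example.test`, and the placeholder account file are hypothetical; the `renewal/<domain>.conf` file name is an assumption about Certbot's layout.

```shell
#!/bin/sh
# Added example, not Certbot's own code. Assumed layout: renewal/<domain>.conf
# and at least one regular file under accounts/ are what renewal requires.

# check_certbot_state CONFIG_DIR DOMAIN
# Returns 0 = can serve and renew, 1 = can serve but not renew, 2 = cannot serve.
check_certbot_state() {
    dir=$1; domain=$2; rc=0
    live="$dir/live/$domain"

    # The two files a TLS server reads. In live/ they are symlinks, so a
    # link that survives after its target was deleted must count as broken.
    for f in privkey.pem fullchain.pem; do
        if [ -L "$live/$f" ] && [ ! -e "$live/$f" ]; then
            echo "BROKEN  $live/$f (dangling symlink)"; rc=2
        elif [ ! -e "$live/$f" ]; then
            echo "MISSING $live/$f"; rc=2
        fi
    done

    # State Certbot needs to renew: per-certificate config and the ACME account.
    if [ ! -f "$dir/renewal/$domain.conf" ]; then
        echo "NORENEW $dir/renewal/$domain.conf not found"
        if [ "$rc" -eq 0 ]; then rc=1; fi
    fi
    if [ -z "$(find "$dir/accounts" -type f 2>/dev/null | head -n 1)" ]; then
        echo "NORENEW no account files under $dir/accounts"
        if [ "$rc" -eq 0 ]; then rc=1; fi
    fi
    return "$rc"
}

# Build a constructed sample tree (empty placeholder files, domain example.test).
make_sample_tree() {
    root=$1
    mkdir -p "$root/live/example.test" "$root/archive/example.test" \
             "$root/renewal" "$root/accounts/acct"
    for f in privkey fullchain; do
        : > "$root/archive/example.test/${f}1.pem"
        ln -s "../../archive/example.test/${f}1.pem" "$root/live/example.test/$f.pem"
    done
    : > "$root/renewal/example.test.conf"
    : > "$root/accounts/acct/placeholder.json"
}
```

On a real host, `check_certbot_state /etc/letsencrypt <domain>` needs to run as a user that can read the directory.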