For “manual” DNS-challenge: Can we delete the seemingly “non core” files in /etc/letsencrypt (besides the 4, core *.pem files) and still properly function?
Details:
The only two files you actually need for a TLS server are privkey.pem and fullchain.pem from /etc/letsencrypt/live/<domain>/.
Don’t directly reference anything inside /etc/letsencrypt/archive, that’s Certbot’s internal state.
If you discard the rest of /etc/letsencrypt/ every time you issue a certificate, it means you are losing all of the other state used by Certbot - such as your Let’s Encrypt ACME account. Sure, you can just register a new account every time you go through this process, but it’s mildly impolite and seems otherwise pointless. Why not just keep it around?
2 Likes
Account registration is also rate limited. If you issue certificates frequently, registering new accounts and discarding them every time, you could run into problems.
1 Like
Does “properly function” include the ability to have Certbot renew the certificate? If so, then you also need /etc/letsencrypt/renewal and /etc/letsencrypt/accounts.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.