How to delete a certificate used by websites hosted on Apache?

I have a certificate used by some websites hosted on my Apache server. I have already revoked the certificate via certbot.

I would like to delete the certificate. I have already done it for another certificate by running the command: certbot-auto delete --cert-name exampleCertName

The result was a disaster for the websites, as it took down the Apache server. The reason is that the certificate files are still being referred to in the virtual host (vhost) files of Apache. When there is such a problem with any of the vhost files, it seems the whole Apache server goes down.

I know that there is an Apache plugin for certbot which is used in new certificate creations. e.g.
certbot-auto run --apache
which creates the certificate and nicely updates the Apache settings (vhost files).

I looked for, but failed to find, the corresponding command (a command or certbot command modifier which would adjust the Apache files when deleting the certificate files) for the deletion of certificates. But I could not find any. If it is already in the Certbot documentation, I guess I overlooked it.

I appreciate your help!

My web server is Apache 2.4.10
The operating system my web server runs on: Debian v8.10
The version of my client is (certbot-auto --version gives): 1.4.0

1 Like

Hi @isoguci1

Simple answer: don’t do that if you don’t have the certificate replaced.

That’s

the result.

  • create a new certificate
  • use it
  • create the next certificate
  • use that
  • if the first is expired (and no longer used), you can delete it

2 Likes

An HTTPS enabled vhost config requires a certificate to work.
Deleting the certificate leaves the config pointing to missing files.
And breaks the web server that uses that config.
There is no one-click complete delete and removal of a cert.
You must search for all configs that use the cert and modify them to use another cert or remove HTTPS altogether from their configs before deleting their cert.

2 Likes
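One way to run the search described in the answer above before deleting a certificate, as an added example that is not part of the original thread. It assumes Certbot's default `/etc/letsencrypt/live` and `archive` paths and Debian's `/etc/apache2` tree; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Certbot's default
# /etc/letsencrypt layout and Debian's /etc/apache2 config tree.

# Escape regex metacharacters so "example.com" is matched literally.
re_escape() {
    printf '%s' "$1" | sed 's/[][\\.*^$()+?{}|]/\\&/g'
}

# find_cert_refs CERT_NAME [APACHE_DIR] [LE_DIR]
# Prints "file:line:directive" for every active (uncommented) SSL*File
# directive pointing into live/CERT_NAME or archive/CERT_NAME.
# Exit status: 0 = references found, 1 = none, 2 = config dir missing.
find_cert_refs() {
    name=$(re_escape "$1")
    apache_dir=${2:-/etc/apache2}
    le_dir=$(re_escape "${3:-/etc/letsencrypt}")
    [ -d "$apache_dir" ] || return 2
    # -r also covers sites-available, so disabled vhosts are reported too.
    grep -rniE \
        "^[[:space:]]*SSL[a-z]*File[[:space:]]+\"?${le_dir}/(live|archive)/${name}/" \
        "$apache_dir"
}

# check_before_delete CERT_NAME [APACHE_DIR] [LE_DIR]
# Returns 0 only when no active directive references the certificate.
check_before_delete() {
    refs=$(find_cert_refs "$@") && rc=0 || rc=$?
    case $rc in
        0) printf 'Still referenced, do not delete yet:\n%s\n' "$refs" >&2
           return 1 ;;
        1) printf 'No Apache config references "%s".\n' "$1" ;;
        *) printf 'Cannot read Apache config directory.\n' >&2
           return 2 ;;
    esac
}
```

Once `check_before_delete exampleCertName` reports no references, run `apachectl configtest` to confirm the edited vhost files still parse, and only then run the delete command.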

Certbot’s web server integrations currently only include installers, not uninstallers. There is a revert command to undo the changes that Certbot made to your web server configuration, but this may not be appropriate if you’ve made changes to the same files during the same period, because it may overwrite your changes.

2 Likes
