How to remove Let's Encrypt on cloned server


#1

New to many things.
Created NextCloud server in test environment with Let’s Encrypt. Looking for best way to remove Let’s Encrypt without losing my test environment. In reading solutions (Help needed to delete certificates), would deleting or renaming the directory be the best option? I want to keep test environment and use Let’s Encrypt for my production.
VMware 6.5 cloned test server. Changed IP and trusted domains.

My domain is:

I ran this command:

It produced this output:

My web server is (include version): apache2

The operating system my web server runs on is (include version): ubuntu 16.04 lts

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi,

Could you elaborate on “remove let’s encrypt in test environment”?

If you want to remove the certificate but keep the program, just run certbot delete (followed by --cert-path and the certificate path)

If you want to remove Let’s Encrypt itself with certificates, just delete the program and afterwards remove the Let’s Encrypt folder. (Yum or apt-get)

If you want to remove Let’s Encrypt but keep existing certificates, just run yum or apt-get to remove it.

Please note: if you removed certbot, the certificates will not auto renew.

P.S. build from source (certbot-auto) might be a little bit different… You could try sudo make uninstall / remove. Or you’ll need to manually delete the files.

Thank you


#3

Hi @galder56,

I don’t quite understand what you’re asking for here. Do you want the test environment to stop using HTTPS entirely?


#4

No. I want to keep it up as test and am creating a production environment.
Thanks.


#5

So, why do you need to remove anything at all from the test environment? Why can’t the test and production environments co-exist?


#6

If I understand, I have the Let’s Encrypt registered with testshare.sierra-view.com. If I register the production, doesn’t it need to be a different certificate for the new domain?


#7

Yes, you’ll need to obtain a different certificate for the production domain, but there’s no reason that you have to delete the old certificate.

I guess you’ll need to make appropriate changes to your configuration in the production environment so that it knows about the correct production hostname and obtains certificates for the production hostname.


#8

Okay, so as long as everything is changed… like in trusted domains the cert is set to testshare. I just need to change anything that is associated to that and run Let’s Encrypt again? I just want to make sure I understand. Thanks for your quick response.


#9

I don’t actually know what you need to change, but I think now I understand the question better!

So I think the question is what configuration changes you need to make in the production VM so that the certificate will be issued and installed to cover the production domain instead of the test domain?


#10

Yes. Exactly. Sorry I didn’t explain it better. First time cloning and since the cert is installed I thought that it needed to be removed in order to set up production. I can bring up NextCloud but it is not secure, so I thought there must be some changes that need to be made in order to bring up production correctly and securely.


#11

OK, how did you originally obtain the certificate? Did NextCloud obtain it automatically for you via a built-in Let’s Encrypt integration?


#12

No. I installed command line before installing NextCloud.


#13

With which Let’s Encrypt client and which command?


#14

This is from the documentation I followed. This is the command that was given.
sudo wget https://dl.eff.org/certbot-auto && sudo chmod a+x certbot-auto


#15

I also created a Cronjob to renew per documentation.


#16

OK, did you already have an Apache virtual host set up for testshare.sierra-view.com before you first ran Certbot?


#17

Yes. I ran sudo apt install lamp-server^
If that helps.


#18

We don’t have a very convenient way to use Certbot with a cloned server where the server name needs to change.

Our basic expectation is that you would first need to change the Apache configuration to refer to the production server name in the virtual host, and then re-run Certbot to issue a new certificate referring to the new name. However, you would still have parts of your configuration in the production VM referring to the old name and those would probably have to be cleaned up manually.


#19

So in your opinion it would possibly be best to just build from scratch instead of trying to shortcut with clone?


#20

I think the clone strategy is OK, but it will probably require some manual editing of the Apache configuration to get rid of the Apache references to the old server name and the old certificate (which I now guess is the focus of your original question which I kind of misunderstood).
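
The manual cleanup described in posts #18 and #20 starts with finding every Apache directive on the cloned VM that still names the test host or its certificate. The script below is an added example, not part of the thread or of Certbot; the hostnames `testshare.example.test` and `share.example.test`, the file names and the helper functions `stale_refs` and `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Hostnames and files are constructed.

# stale_refs OLD_NAME CONF_DIR
# Print file:line:text for each active (uncommented) ServerName, ServerAlias,
# Redirect*, Rewrite* or SSLCertificate* directive that mentions OLD_NAME.
stale_refs() {
    # Escape dots so they match literally in the extended regex.
    pattern=$(printf '%s' "$1" | sed 's/\./\\./g')
    # The name must start at a hostname boundary, so "share.example.test"
    # does not also report "testshare.example.test". No trailing boundary:
    # Certbot lineage directories may carry a suffix such as "-0001".
    grep -rnEi \
        "^[[:space:]]*(ServerName|ServerAlias|Redirect[A-Za-z]*|Rewrite[A-Za-z]*|SSLCertificate[A-Za-z]*)[[:space:]]+(.*[^A-Za-z0-9.-])?${pattern}" \
        "$2" | sort
}

# Build a throwaway config tree resembling a cloned VM after a partial edit.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sites-available"
    cat > "$d/sites-available/nextcloud.conf" <<'EOF'
<VirtualHost *:80>
    ServerName testshare.example.test
    Redirect permanent / https://testshare.example.test/
</VirtualHost>
EOF
    cat > "$d/sites-available/nextcloud-le-ssl.conf" <<'EOF'
<VirtualHost *:443>
    ServerName share.example.test
    # ServerName testshare.example.test
    SSLCertificateFile /etc/letsencrypt/live/testshare.example.test/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/testshare.example.test/privkey.pem
</VirtualHost>
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample)
stale_refs testshare.example.test "$sample"   # four stale directives
rm -rf "$sample"
```

On the real clone, point `stale_refs` at `/etc/apache2` with the old test hostname. Once the reported lines are edited, `apache2ctl configtest` confirms the configuration still parses before Certbot is re-run for the production name.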