I have got into a massive muddle with my certificates and certbot and I would really like to start again. I have seen another question similar to this but, instead of answering it, a long winded discussion about how to resolve the mess ensued.
Is it possible to remove all the changes made by certbot from my server with one or at least a small number of commands?
I would think that the answer is YES to your title question on "Is it possible to remove all the changes made by certbot from my server?"
... with one or at least a small number of commands?
I am not sure. I don't know what your vantage point is in defining a small number.
I know I build and rebuild systems until it is what I want, so often I restart as my step 1.
For most people I believe that is not desirable.
I think that is irrelevant, uninteresting and unfriendly.
Sorry, not trying to be unfriendly; just trying to share I do not do things in a typical fashion.
Please wait for other volunteers to assist.
There is a certbot revert command, but it's not really advisable to use it.
Realize that Apache needs certificates to start, if you have SSLEngine on in the virtualhost.
Why is not advisable to use certbot revert?
If you have a mess there is not likely a single command that will fix it. Unless you have a backup from before that you can restore from.
These steps relate to your config as described in your earlier thread (no one else should rely on this). You say you want to remove all changes and it looks like certbot created your HTTPS VirtualHosts. If that's the case you could try:
If you made manual changes to the -le-ssl.conf files then makes notes or backups of those changes to re-apply later.
If you still plan to use certbot I would delete all the certs shown by certbot certificates. You say they are a mess so no sense keeping them. If you've done the above and restarted Apache you won't have any functioning HTTPS domains so it is safe to delete the certs. You might want to review this topic on Deleting Certs before proceeding
That all said, I can't test this on your config obviously. So, rely on your own admin skills to adjust as needed. Take backups and good notes as you proceed in case something goes awry.
Lastly, if you want full control of your web server config you should use the --webroot method instead of the apache plug-in. Webroot will only obtain certs and leave you to install them in your webserver (that is, make all the required config changes).
Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).
And to assist with debugging there is a great place to start is Let's Debug.
because it might not do what you want or anything useful at all. even more so if you also edited the configuration yourself.
it's better to decide what your desired configuration is and we can probably help in reaching that.
I think probably I should persevere without trying to go back to the beginning but it is good to know what that would involve.
I have posted a new question which I think describes the situation I am in more accurately than this or my previous post so hopefully might enable someone to help.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.