Old configuration cleanup

Hello,
I have set up my SSL cert correctly, no problem there. I just want to clean up my /etc/letsencrypt folder.

I got an email about using the old v1 ACME protocol, so I looked into my certbot and found out that I am using some old version - certbot version: 1.2.0. So I installed a new one from the apt repository. It upgraded my old configuration and seems to be working fine.
But now I may have some old files in /etc/letsencrypt/configs/. The files there match the domain name. Are they still used by the new certbot 0.31.0?
I think they are not loaded because I have the setting “rsa-key-size = 4096” there and the new keys are only 2k in size.
Can I remove them?

Is new configuration stored in /etc/letsencrypt/renewal ? In file [domain].conf?
I tried to look at https://certbot.eff.org/docs/using.html#configuration-file but it's pretty vague.

Thanks,
JIV

Hi @JIV

use

certbot certificates

to find your certificates. There you see your exact folder names.

Then use

certbot delete [certificatename]

to delete all certificates that are no longer used.

Note that Certbot 1.2.0 is a newer version than 0.31.0. All 1. versions are newer than all 0. versions.

I seriously thought there was some change in release numbers. Anyway, it means the Ubuntu PPA is much, much older than my own standalone version.
Is it wrong to use such an old version? Maybe that PPA is no longer maintained?

Anyway, even after using certbot delete [certificatename], the config files are still there. I think they are orphaned. Are you supposed to have any files under /etc/letsencrypt/configs?

Are you sure it’s /etc/letsencrypt/configs and not /etc/letsencrypt/renewal?

That's the thing, I have both :slight_smile: And I think configs is from some very old installation.

It contains this line:
# the current closed beta (as of 2015-Nov-07) is using this server
server = https://acme-v01.api.letsencrypt.org/directory

Wow! That is an old configuration.

I don’t believe a current Certbot has any reason to look at that, unless you tell it to with the -c option.

There seem to be various very old tutorials referencing /etc/letsencrypt/configs/ and also tutorials referencing that comment. E.g. this one:

https://docs.fusionpbx.com/en/latest/getting_started/lets_encrypt.html

Which mostly talks about Dehydrated or something and then switches to Certbot near the end.

It does explicitly tell you to create a file like that and then specify the -c option.

/etc/letsencrypt/configs/ has to be something that you manually created, or that may have been created by some sort of script or control panel or something that you were using. They aren’t part of Certbot itself and probably never were. Before deleting them, you’d have to determine why they exist and if you’re still using them. :confused:

Edit:

As another example, there’s this tutorial:

Which also tells you to create a cron job that runs a shell script that also relies on those config files.

(And it says to run it precisely at midnight on the first of the month! Do not do that.)

If you’re relying on something like that, you have to switch to a better/different/modern setup before you can delete them.
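Added example, not written by anyone in this thread and not part of Certbot: one way to check whether anything still points at the legacy /etc/letsencrypt/configs files, or at the ACMEv1 endpoint, before deleting them. The function names, the sample cron entry and example.org are constructed for illustration; the block runs against a temporary sample tree, not the real system.

```shell
#!/bin/sh
# Added example: audit references to legacy certbot config files.

# Print file:line:text for every line under the given paths that
# mentions the legacy directory (e.g. a cron job using "certbot -c ...").
find_config_refs() {
    legacy_dir=$1; shift
    for p in "$@"; do
        [ -e "$p" ] || continue
        grep -rnHF -- "$legacy_dir" "$p" 2>/dev/null || true
    done
}

# Print the files under the given paths that still name the ACMEv1 endpoint.
find_acme_v1() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        grep -rlF -- "acme-v01.api.letsencrypt.org" "$p" 2>/dev/null || true
    done
}

# Return 0 only when nothing references the legacy directory and no
# searched file names the ACMEv1 endpoint; otherwise report and return 1.
audit_legacy_configs() {
    legacy_dir=$1; shift
    refs=$(find_config_refs "$legacy_dir" "$@")
    v1=$(find_acme_v1 "$@")
    [ -z "$refs" ] || printf 'Still referenced:\n%s\n' "$refs"
    [ -z "$v1" ] || printf 'ACMEv1 endpoint configured in:\n%s\n' "$v1"
    [ -z "$refs" ] && [ -z "$v1" ]
}

# Constructed sample tree: a cron job of the kind the old tutorials
# describe, plus a renewal file that already uses the v2 endpoint.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/cron.d" "$d/renewal"
    echo '30 2 * * 1 root certbot -c /etc/letsencrypt/configs/example.org.conf certonly' > "$d/cron.d/le-renew"
    echo 'server = https://acme-v02.api.letsencrypt.org/directory' > "$d/renewal/example.org.conf"
    echo "$d"
}

sample=$(make_sample)
audit_legacy_configs /etc/letsencrypt/configs "$sample/cron.d" "$sample/renewal" \
    || echo "Do not delete /etc/letsencrypt/configs yet"
rm -rf "$sample"
```

On a real host the search paths would be the places scheduled jobs live, such as /etc/crontab, /etc/cron.d, user crontabs and systemd units, together with /etc/letsencrypt/renewal.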