Remove a site from my server

One of my sites/domains expires, and I don’t want to renew it.

I want to let it expire and remove it from my server, and I want to remove everything, databases, files, apache configurations, and ssl certificate created with certbot.

My server is a CentOS 8 with Apache and certbot, and the certificates were installed and created following these instructions: https://certbot.eff.org/lets-encrypt/centosrhel8-apache.

Can you explain how to remove this damn certificate of the domain/site that I want to delete without messing around?

Every time it’s a hell, as soon as I start deleting or disabling something on the site I want to delete, certbot and apache start freaking out and I get the most absurd errors, certbot crashes, apache crashes and all my sites go offline.

I just tried it again now, paying close attention to every single step, I tried to delete the domain certificate only, but it didn’t work, I tried to completely delete the certificate (I have a certificate with all domains inside), it didn’t work, I removed the domain from apache enabled, it didn’t work, I removed the domain from apache available, it didn’t work, I deleted the domain files from the let’s encrypt/live/renew folders, etc, etc, it didn’t work, and step by step apache gets messed up and now I’m restoring a backup of the entire server…

I’m really tired of this thing, it’s a hell every time, and all the guides that are online only generate errors upon errors.

So please somebody explain to me how to correctly remove the certificate of a domain that I want to delete from my server, before I go crazy…

At this point even deleting and completely removing certbot from my server and then reinstalling a new clean version, because I don’t know what mess has already been done, but obviously I can’t do it every time I have to remove a domain in future…


The safe way to do this can be broken down into two steps:

  1. Change Apache configuration so that it no longer uses the certificate in question.
  2. Delete the certificate from Certbot.

To get started, could you please show the output of:

sudo certbot certificates

and let me know which domain you want to remove from your server.


I can't, they are adult domains and they want their privacy.

Can you just explain what to do? Please...

Sure.

You can back everything up beforehand, in case something does go wrong:

sudo tar cf config-backup.tar /etc/letsencrypt /etc/httpd

Look at the file paths (“Certificate Path”, “Private Key Path”) in the output of certbot certificates.

Then, check each of your Apache virtualhost configuration files, and make sure that those paths are not used anywhere. If they are, remove or disable that virtualhost. Once you’re done with that, reload Apache:

sudo service httpd reload

It’s now safe to remove the certificate from Certbot (where name is the “Certificate Name” listed in the output of certbot certificates):

sudo certbot delete --cert-name name

Finally, make sure you did not make any errors:

sudo httpd -t

But I have about 50 sites and 50 virtual hosts, and since the certificate is unique will it be on all of them?

Then how to restore the certificate on all virtualhosts? With certbot auto?

I don’t know. Do you have one certificate for all virtualhosts, or do you have one certificate per virtualhost?

My previous advice was assuming the latter.

If you only have one certificate which is shared by all virtualhosts, then you can re-issue the certificate, excluding the domains you no longer want.

sudo certbot --apache --cert-name THE_EXISTING_CERT_NAME -d domain1 -d domain2 -d domain3

So, the last one seems to have done something, asked me if I wanted to update the certificate without the domain to be removed

But if I now try to do sudo certbot --apache, it asks me if I want to include all domains, including the one to remove.

If I delete the domain files from /etc/httpd/sites-available/ and /etc/httpd/sites-enabled/, this sudo certbot --apache crashes with error:

[so:warn] [pid 1086554:tid 140507285092672] AH01574: module http2_module is already loaded, skipping
httpd: Syntax error on line 402 of /etc/httpd/conf/httpd.conf: Could not open configuration file /etc/httpd/sites-available/domain-to-remove.com-le-ssl.conf: No such file or directory

and apache crashes …

So something must still be left … what?

One more thing, I realized I have two certificates, both with almost all domains on the server, they must be a consequence of some mess made with certbot in the past …

Though I thought it might be nice to split adult from non-adult domains, but how do I tell a domain which certificate to go to when I add a new domain on the server?

What's on line 402?

Either you need to remove an explicit reference to that file ... or there is a symlink in /etc/httpd/sites-enabled/ which points to /etc/httpd/sites-available/domain-to-remove.com-le-ssl.conf which you need to remove.

So say you have these virtualhosts:

# sudo httpd -S
VirtualHost configuration:
*:80            is a NameVirtualHost
        default server example.com (/etc/apache2/conf/httpd.conf:319)
        port 80 namevhost adultsite.com (/etc/apache2/conf/httpd.conf:319)
                alias www.adultsite.com
                alias sub.adultsite.com
        port 80 namevhost othersite.com (/etc/apache2/conf/httpd.conf:381)
                alias www.othersite.com

You would split up your certificates along the domain groupings of your virtual hosts. So I'd do something like:

sudo certbot --apache -d adultsite.com -d www.adultsite.com -d sub.adultsite.com

and

sudo certbot --apache -d othersite.com -d www.othersite.com

I'd end up with two certificates, one assigned to each virtual host.

There is a list of all my domains at the end of my httpd.conf file, like:
Include /etc/httpd/sites-available/domain.com-le-ssl.conf

But is this normal?

This probably crashes Apache...

If it references the domain you want to remove, you should remove it.
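
The checks described in the replies above (no virtualhost still using the certificate's paths, no Include line or sites-enabled symlink pointing at a deleted file) can be scripted and run before `certbot delete`. This is an added example, not part of any post in the thread; the function names are hypothetical and the sample tree and domain names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check before `certbot delete`.

# Lines (file:line:text) under config root $1 that still point at the
# certificate named $2; comment lines are ignored.
cert_refs() {
    grep -rnF "/etc/letsencrypt/live/$2/" "$1" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
}

# Literal Include targets in config file $1 that no longer exist
# (wildcard patterns are skipped; relative paths resolve against ServerRoot $2).
dangling_includes() {
    sed -nE 's/^[[:space:]]*Include[[:space:]]+([^[:space:]]+).*/\1/p' "$1" |
    while read -r target; do
        case $target in *[*?]*) continue ;; /*) ;; *) target="$2/$target" ;; esac
        [ -e "$target" ] || echo "$target"
    done
}

# Symlinks under $1 (e.g. sites-enabled entries) whose target is gone.
dangling_links() {
    find "$1" -type l ! -exec test -e {} \; -print
}

# $1 = config root, $2 = main config file, $3 = certificate name.
# Prints every problem found; returns 0 only when there are none.
safe_to_delete() {
    out=$(cert_refs "$1" "$3"; dangling_includes "$2" "$1"; dangling_links "$1")
    [ -z "$out" ] || { printf '%s\n' "$out"; return 1; }
}

# Constructed sample tree: one vhost still uses the certificate, and both
# httpd.conf and sites-enabled point at a vhost file that was already deleted.
make_demo() {
    d=$(mktemp -d) && mkdir "$d/sites-available" "$d/sites-enabled" "$d/conf"
    printf '%s\n' '<VirtualHost *:443>' 'ServerName keep.example' \
        'SSLCertificateFile /etc/letsencrypt/live/old.example/fullchain.pem' \
        '</VirtualHost>' > "$d/sites-available/keep.example-le-ssl.conf"
    ln -s "$d/sites-available/old.example-le-ssl.conf" "$d/sites-enabled/"
    printf 'Include %s\n' "$d/sites-available/keep.example-le-ssl.conf" \
        "$d/sites-available/old.example-le-ssl.conf" > "$d/conf/httpd.conf"
    echo "$d"
}

demo=$(make_demo)
safe_to_delete "$demo" "$demo/conf/httpd.conf" old.example ||
    echo "Not safe yet: fix the lines above, then run httpd -t and reload."
rm -rf "$demo"
```

On a real server the call would be `safe_to_delete /etc/httpd /etc/httpd/conf/httpd.conf name`, with name taken from the “Certificate Name” in `certbot certificates`.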
