Remove certificate

Hi
New to Certbot - great product!

Using AWS.

My problem is I have created a new AWS instance setting up a LAMP server. To do this I used an AMI for an existing LAMP, but this relates to another domain so I am now looking to remove the certificate from the new LAMP server.

What command do I use to be sure I don't compromise the original AMI site?

Thanks
Mark

I'm not entirely sure what's going on exactly (too many abbreviations for my comfort :stuck_out_tongue:)

So if I understand you correctly, your new server, which is going to be used for a whole different domain, has somehow gotten a copy of the certificate of the old server. And you're asking if deleting the copy of the cert from the new server will compromise the cert on the old server, right?

If the above is the case: removing (without revoking) a copy of a cert won't have any influence on the original cert: they are just files. Only revoking the cert will be an issue, as that's centrally regulated by Let's Encrypt and would invalidate any copy of the cert.

Yes - That's correct (my apologies for the lack of clarity!)
So do I use the Remove command?
Many Thanks

The certbot command is `delete` actually. Use `certbot certificates` to identify the certificate name you want to delete and use it with `--cert-name` in combination with the `delete` subcommand.

Note that this will only remove the certificate from certbot! If there's any reference to that certificate in your webserver's configuration file, this will give errors when reloading or (re)starting the webserver. You'll need to remove it manually from the configuration file(s).
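
The procedure from the reply above, as an added shell example that is not part of the original thread: it lists the config lines that still point at the lineage and refuses to run `certbot delete` until they are gone, so the web server is never left referencing missing files. The function names and the default directories `/etc/apache2` and `/etc/httpd` are assumptions; `certbot delete` removes local files only and revokes nothing.

```shell
#!/bin/sh
# Added example, not from the thread. Config directories are assumptions.

# Print active (non-comment) config lines that reference the certbot lineage.
# Usage: find_cert_refs <cert-name> <conf-dir>...
# Exit status 0 if at least one reference is found, non-zero otherwise.
find_cert_refs() {
    fcr_name=$1
    shift
    grep -rnHF \
        -e "/etc/letsencrypt/live/$fcr_name/" \
        -e "/etc/letsencrypt/archive/$fcr_name/" \
        "$@" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#'
}

# Delete the local copy of a lineage only once nothing references it.
# Usage: remove_cloned_cert <cert-name> [conf-dir...]
remove_cloned_cert() {
    rcc_name=$1
    shift
    # Assumed default locations for Apache on Debian- and RHEL-style systems.
    [ "$#" -gt 0 ] || set -- /etc/apache2 /etc/httpd

    certbot certificates            # show the names certbot knows about

    if rcc_refs=$(find_cert_refs "$rcc_name" "$@"); then
        echo "Still referenced; edit these lines first:" >&2
        printf '%s\n' "$rcc_refs" >&2
        return 2
    fi

    # Removes the local files only; nothing is revoked.
    certbot delete --cert-name "$rcc_name"
}

# Run only when a certificate name is given.
if [ "$#" -ge 1 ]; then
    remove_cloned_cert "$@"
fi
```
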

Thanks again

Just to clarify - can you confirm - is the below approach correct?

I am trying to remove it from the new website (that I created with the AMI copy), and leave it live for the original site - so I want to leave it on the CertBot Servers, but remove it from this new website.

Sounds like I need to use the delete command on the new website server and then remove any reference of the certificate from the conf files?

There's no such thing. Certbot, as (as far as I know) every ACME client, runs locally. There's no "cloud" server where the certificates (and more importantly, the private key!) are stored. Although I guess the certificates are cached on the ACME server and sent to a bunch of certificate logs. But that doesn't change the fact that certbot runs locally with regard to certificate storage and deletion.

Correct. You'll need to change the conf files anyway to set up your other site.

Got it - Many Thanks :slight_smile:
