There seems to be no real documentation on how to uninstall the LetsEncrypt software and all of its changes entirely


#1

The issue.

I’ve managed to tangle my self up in LetsEncrypt spaghetti. It seems that there are a lot of usage cases that need documenting a bit more before I go exploring my way down the rabbit hole. I was trying to run the LE client to add another site as explained in this thread then I managed to tangle myself up and just wanted to uninstall and reinstall the LE software and TLS certs to go back to a working state and now because I have no real idea what was installed when I ran the LE client I’m stuck with a broken website.

A potential fix for the issue.

There really needs to be a bit more documentation about how to fully clean up after anything that might have changed in my configs. Even if it just makes mention of the configs that its changed in a log file I could try and untangle it myself.


#2

The official client supports the rollback command, which will try to restore your apache configuration to the state it was in before you first ran letsencrypt. (Disclaimer: I’m not certain what would happen to changes made after letsencrypt was run.)

./letsencrypt-auto rollback will restore your configuration.
./letsencrypt-auto config_changes will show any changes made by letsencrypt. Example output:

-------------------------------------------------------------------------------
Tue Jan  5 06:22:03 2016
-- Deployed Let's Encrypt Certificate --
Created ssl vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled dependency of ssl module - socache_shmcb
Enabled ssl module in Apache
Changed vhost at /etc/apache2/sites-available/000-default-le-ssl.conf with
addresses of *:443
        SSLCertificateFile /etc/letsencrypt/live/le-test-1.pf.vc/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/le-test-1.pf.vc/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/le-test-1.pf.vc/chain.pem
Enabled site /etc/apache2/sites-available/000-default-le-ssl.conf

Affected files:
  /etc/apache2/sites-available/000-default-le-ssl.conf
New Configuration Files:
  /etc/apache2/sites-available/000-default-le-ssl.conf
  /etc/apache2/sites-enabled/000-default-le-ssl.conf

-------------------------------------------------------------------------------

This information is stored in /var/lib/letsencrypt/backups, in case you want to manually inspect it.

There’s currently not a whole lot of documentation on this, other than the commands being mentioned when you run --help.


#3

Sweet thanks for the documentation!