Partner links

How to revoke a Let’s Encrypt certificate

Let's Encrypt

Let’s Encrypt is a free, automated, and open certificate authority (CA) that issues free digital certificates, enabling users to configure their websites to use HTTPS (SSL/TLS). Though the process of generating and installing a Let’s Encrypt certificate is simple and can even be automated, mistakes do happen, and you may sometimes want to revoke a certificate.

This short post shows how to take that action, when the occasion calls for it.

To revoke a certificate, assuming you’re using certbot, the official client program, you’ll issue the following command:

# Revoke a certificate using the following command
# Replace example.com with your own domain name

sudo certbot revoke --cert-path /etc/letsencrypt/live/example.com/fullchain.pem

#

That just makes the certificate invalid, but it’s still installed on your system. Now you just need to delete it. To delete a certificate, you first need to find out the name of the certificate to delete. The commands to do both – finding the name of the certificate and deleting it, and their associated outputs, are given in the following code block:

# To delete a certificate, first find the name of the certificate using
# > indicates output

sudo certbot certificates

> Saving debug log to /var/log/letsencrypt/letsencrypt.log

> ------------------------------------------------------------------------
> Found the following certs:
>  Certificate Name: example.com
>    Domains: example.com www.example.com
>    Expiry Date: 2017-10-01 00:59:00+00:00 (INVALID: REVOKED)
>    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
>    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
> ------------------------------------------------------------------------

# So the name of the certificate is example.com. Now delete it using


sudo certbot  delete  --cert-name example.com

> Saving debug log to /var/log/letsencrypt/letsencrypt.log

> ------------------------------------------------------------------------
> Deleted all files relating to certificate example.com.
> ------------------------------------------------------------------------

#

With that, the certificate is not only revoked, but also deleted from the system. You can now generate and install another certificate using the same domain name and not encounter an error. You may find out more about the Let’s Encrypt service by visiting the project’s home page.

Let's Encrypt free SSL certificates

Share:

Facebook
Twitter
Pinterest
LinkedIn

Partner links

Newsletter: Subscribe for updates

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Get the latest

On social media

Security distros

Hacker
Linux distros for hacking and pentesting

Crypto mining OS

Bitcoin
Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

LVM
Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash
Categories
Archives
0
Hya, what do you think? Please comment.x
()
x