Let’s Encrypt is a free, automated, and open certificate authority (CA) that issues digital certificates, enabling users to serve their websites over HTTPS (SSL/TLS). Although generating and installing a Let’s Encrypt certificate is simple and can even be automated, mistakes do happen, and you may sometimes want to revoke a certificate.
This short post shows how to take that action, when the occasion calls for it.
To revoke a certificate, assuming you’re using certbot, the official client program, you’ll issue the following command:
    # Revoke a certificate using the following command
    # Replace example.com with your own domain name
    sudo certbot revoke --cert-path /etc/letsencrypt/live/example.com/fullchain.pem
Revoking only makes the certificate invalid; it’s still installed on your system, so now you need to delete it. To delete a certificate, you first need to find out its name. The commands for both steps, finding the name of the certificate and deleting it, are given in the following code block along with their output:
    # To delete a certificate, first find the name of the certificate using
    # > indicates output
    sudo certbot certificates
    > Saving debug log to /var/log/letsencrypt/letsencrypt.log
    > ------------------------------------------------------------------------
    > Found the following certs:
    >   Certificate Name: example.com
    >     Domains: example.com www.example.com
    >     Expiry Date: 2017-10-01 00:59:00+00:00 (INVALID: REVOKED)
    >     Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    >     Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
    > ------------------------------------------------------------------------

    # So the name of the certificate is example.com. Now delete it using
    sudo certbot delete --cert-name example.com
    > Saving debug log to /var/log/letsencrypt/letsencrypt.log
    > ------------------------------------------------------------------------
    > Deleted all files relating to certificate example.com.
    > ------------------------------------------------------------------------
With that, the certificate is not only revoked, but also deleted from the system. You can now generate and install another certificate using the same domain name and not encounter an error. You may find out more about the Let’s Encrypt service by visiting the project’s home page.
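On a host with several certificates, the revoked ones can be picked out of the `certbot certificates` listing shown above before anything is deleted. The script below is an added example, not part of the original post: the function names and the second sample entry (`shop.example.org`) are constructed for illustration, and it only prints the delete commands rather than running them.

```shell
#!/bin/sh
# Added example: find certificates that `certbot certificates` marks as REVOKED.

# Constructed sample in the layout shown above (second entry invented for contrast).
sample_output() {
cat <<'EOF'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
------------------------------------------------------------------------
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2017-10-01 00:59:00+00:00 (INVALID: REVOKED)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: shop.example.org
    Domains: shop.example.org
    Expiry Date: 2017-11-12 08:30:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/shop.example.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/shop.example.org/privkey.pem
------------------------------------------------------------------------
EOF
}

# Read `certbot certificates` output on stdin; print one revoked name per line.
revoked_cert_names() {
    awk '
        /Certificate Name:/ { sub(/^.*Certificate Name:[ \t]*/, ""); name = $0; next }
        /Expiry Date:/ && /REVOKED/ && name != "" { print name; name = "" }
    '
}

# Print (do not run) the delete command for each revoked certificate on stdin.
delete_commands() {
    revoked_cert_names | while IFS= read -r name; do
        # Refuse names with unexpected characters before building a command line.
        case "$name" in
            ""|*[!A-Za-z0-9._-]*) echo "skipping suspicious name: $name" >&2; continue ;;
        esac
        printf 'sudo certbot delete --cert-name %s\n' "$name"
    done
}

# Demo on the constructed sample; on a real host use:
#   sudo certbot certificates | delete_commands
sample_output | delete_commands
```

Review the printed commands before running them, since `certbot delete` removes the certificate and key files for that name.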