Correct Way to Delete a Certbot SSL Certificate

Normally, you would wait for a certificate to expire, but what if you have an issued certificate for a domain name you don’t need anymore? What is the correct way to completely remove its files from your server?

In a previous tutorial, I’ve explained how to create a Certbot SSL certificate on Ubuntu using the Nginx plugin.

It is not about deleting one file manually. At least, you would need to go through the following directories and delete the files associated with the domain name.

  • /etc/letsencrypt/archive
  • /etc/letsencrypt/live
  • /etc/letsencrypt/renewal

Command to Delete Certbot Certificate

Luckily, a feature exists to perform the deletion automatically for you. This command will offer an index from which you can select the domain name to delete:

$ sudo certbot delete

Type the index number of the domain name’s certificate you want to delete and press enter. The issued certificate will be then deleted.

Delete Certbot Certificate by Domain Name

Reader Tim Thorp kindly provided a more immediate way to delete a Certbot certificate by including the domain name in the command like this:

$ sudo certbot delete --cert-name

This could be useful if the domain name does not appear in the index.