Revoking Lets Encrypt Certificate properly

When you want to learn how to revoke Let’s Encrypt SSL/TLS certificates, follow the steps below:

Step 1: Validate Certificate file

Before you revoke a certificate, you’ll want to validate that the correct certificates and key file you’re revoking.. since there is no reversal.. Once a certificate is revoked, it will never be used again…

When you revoke a certificate, the certificate authority publishes that revocation information through the Online Certificate Status Protocol (OCSP), and some browsers will check OCSP to see whether they should trust a certificate…

Step 2: Revoke a Certificate for

Now that you know the certificate you want to revoke, simply run the command below to revoke a certificate for the domain

certbot revoke --cert-path /etc/letsencrypt/live/ --key-path /etc/letsencrypt/live/

Let’s Encrypt typically stores its certificates and corresponding key in the /etc/letsencrypt/live/ directory… Replacing with the domain name you issued for the certificate…

When you run the command above, you’ll also get prompted whether to also remove the directory and folders of the certificate… most cases, you’ll want to type y for yes…

Step 3: Uninstall Let’s Encrypt | Certbot

If you don’t want to use Let’s Encrypt of Certbot to manage your certificates, you can completely remove or purge the app and packages from your system.. To do that, simply run the commands below:

sudo apt update
sudo apt purge letsencrypt && sudo apt purge certbot

When you run the commands above, you’ll be prompted to confirm that you want to remove listed packages.. Choose yes…

Finally, run the commands below to remove Let’s encrypt directories…

sudo rm -rf /etc/letsencrypt

That should do it!



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.