Certbot Remove Certificate

Sometimes you need to remove a certificate managed by Certbot. Perhaps you no longer need the certificate, you want to replace it with a new one, or you are getting the error “Nginx 403 Forbidden” when opening your website after installing the SSL certificate. Whatever the reason may be, removing a certificate from Certbot is a straightforward process.

In this article, we will discuss how to remove a certificate managed by Certbot in a step-by-step manner.

Certbot Remove Certificate

Secure Sockets Layer (SSL) certificates are an essential part of any website that wants to ensure secure communication with its users. Certbot is a widely used tool for managing SSL certificates on Linux servers.

It is an open-source tool that automates the process of obtaining, renewing, and revoking SSL certificates.

Steps to Remove Certbot Certificate

For this tutorial, we are using CentOS 8, but you can use this method for any Linux distribution, such as Red Hat Linux, Ubuntu, etc.

1. Certbot List All Certificates

The first step is to list all the certificates managed by Certbot. To do this, open a terminal or command prompt window on your server and run the following command:

sudo certbot certificates

Below is the sample output of the command.

[opc@cent8 ~]$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     
Found the following certs:
  Certificate Name: yourwebsite.com
    Serial Number: 3026908a2adacbd3a3fd8584b99b7878965
    Key Type: RSA
    Domains: yourwebsite.com www.yourwebsite.com
    Expiry Date: 2023-05-10 00:55:09+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/yourwebsite.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/yourwebsite.com/privkey.pem  

2. Identify the Certificate

Identify the certificate you want to remove from the list. The certificate’s name is shown in the “Certificate Name” field of the above output. Note down the certificate’s name for the next step.

3. Remove the Certificate

To remove a certificate, use the Certbot command-line tool with the delete subcommand followed by the name of the certificate.

For example, to delete a certificate with the name yourwebsite.com, run the following command:

sudo certbot delete --cert-name yourwebsite.com

Below is the sample output of the command.

[opc@cent8 ~]$ sudo certbot delete --cert-name yourwebsite.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * yourwebsite.com

WARNING: Before continuing, ensure that the listed certificates are not being  
used by any installed server software (e.g. Apache, nginx, mail servers).      
Deleting a certificate that is still being used will cause the server software 
to stop working. See https://certbot.org/deleting-certs for information on     
deleting certificates safely.

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: 
(Y)es/(N)o: 
(Y)es/(N)o: y
Deleted all files relating to certificate yourwebsite.com.

4. Check for Any References

After removing the SSL certificate, check for any references to it in your server’s configuration files. If you have other services running on your server that use the same certificate, such as Nginx or Apache, you may need to update their configuration files to remove the references to the deleted certificate.

Below is an excerpt from a website configuration file, which you will need to update after removing the SSL certificate using the Certbot command.

[Image: Certbot Remove Certificate - SSL config]

5. Verify web server

Once you have removed the SSL certificate entry from your website configuration, make sure to verify your webserver configuration.

For Nginx, you can run “nginx -t” and for Apache, you can run “apachectl configtest”.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

6. Restart or reload your webserver

Once you have verified the configuration of your web server, now it’s time to restart or reload your webserver.

You can run the below commands depending upon your webserver.

# For restarting Nginx
$ sudo systemctl restart nginx

# For restarting Apache server on CentOS and Ubuntu
$ sudo systemctl restart httpd
$ sudo systemctl restart apache2

# For reloading Nginx Server
$ sudo systemctl reload nginx

# For reloading Apache Server on CentOS and Ubuntu
$ sudo systemctl reload httpd
$ sudo systemctl reload apache2
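
The reference check from step 4 can be scripted. The following is an added example, not part of the original article: it lists every active configuration line that still points at a certificate's directory under /etc/letsencrypt/live/. The function names `find_cert_refs` and `make_sample_conf`, the default search directories, and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find web-server config lines that still point at a Certbot
# certificate, so they can be fixed before or after `certbot delete`.

# find_cert_refs CERT_NAME [CONFIG_DIR...]
# Prints file:line:text for each active (non-comment) line referencing
# /etc/letsencrypt/live/CERT_NAME/. Returns 0 if any is found, 1 if none.
find_cert_refs() {
    cert_name=$1; shift
    # Assumed default search roots: common Nginx and Apache config locations.
    [ "$#" -gt 0 ] || set -- /etc/nginx /etc/httpd /etc/apache2
    # Trailing slash keeps "yourwebsite.com" from matching "yourwebsite.com-0001".
    needle="/etc/letsencrypt/live/${cert_name}/"
    rc=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -F: fixed-string match, so dots in the name are not regex wildcards.
        hits=$(grep -rnF -- "$needle" "$dir" 2>/dev/null |
               grep -Ev '^[^:]+:[0-9]+:[[:space:]]*#') || continue
        printf '%s\n' "$hits"
        rc=0
    done
    return "$rc"
}

# make_sample_conf DIR: constructed sample config, not taken from the article.
make_sample_conf() {
    mkdir -p "$1/conf.d"
    cat > "$1/conf.d/site.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name yourwebsite.com www.yourwebsite.com;
    ssl_certificate /etc/letsencrypt/live/yourwebsite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourwebsite.com/privkey.pem;
    # ssl_certificate /etc/letsencrypt/live/old.yourwebsite.com/fullchain.pem;
}
EOF
    cat > "$1/conf.d/other.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/yourwebsite.com-0001/fullchain.pem;
}
EOF
}

demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir"
find_cert_refs yourwebsite.com "$demo_dir" || echo "no references found"
rm -rf "$demo_dir"
```

On a real server, call `find_cert_refs yourwebsite.com` with no directory arguments to search the default locations; an exit status of 0 means at least one active line still needs updating before the web server is reloaded.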

Conclusion

This is how you can remove the SSL certificate managed by Certbot with just a few commands. We hope you like this article “Certbot Remove Certificate”.

In case of any questions or concerns, please let us know through comments.
