How to Revoke Let’s Encrypt Certificates on Ubuntu Linux
You revoke Let’s Encrypt certificates on Ubuntu Linux to immediately disable an SSL/TLS certificate for a domain, making it untrusted by browsers.
Revoking a certificate is crucial if you suspect its private key has been compromised or if you’ve migrated your hosting and no longer manage SSL yourself.
For instance, if you’ve recently moved to a cloud load balancer that handles certificate management, like Google Cloud Load Balancing, you’ll want to revoke your existing Let’s Encrypt certificates.
This process ensures you don’t have overlapping or unnecessary certificates active.
Revoke a Let’s Encrypt certificate by running `sudo certbot revoke --cert-path /etc/letsencrypt/live/your_domain/cert.pem --key-path /etc/letsencrypt/live/your_domain/privkey.pem`. Then remove the packages with `sudo apt purge letsencrypt certbot`. Finally, delete the configuration directory using `sudo rm -rf /etc/letsencrypt`.
Validate Certificate file
Before you revoke a Let’s Encrypt certificate, it’s important to double-check you have the correct file. Revoking a certificate is permanent, meaning it can never be used again once the action is completed. The certificate authority will then publish this information so browsers know not to trust it.
When you revoke a certificate, the certificate authority publishes this information via the Online Certificate Status Protocol (OCSP). Some browsers then check OCSP to verify if they should trust the certificate.
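One way to do that double-check with openssl before revoking, as an added example that is not part of the original guide. The function name `check_before_revoke` and its exit codes are made up for illustration; the files under /etc/letsencrypt/live/ are normally readable only by root, so run it with sudo.

```bash
#!/bin/sh
# Added example (not from the original guide): sanity-check the files you
# are about to hand to `certbot revoke`.
# Exit codes (chosen for this example): 2 unreadable file,
# 3 key does not match certificate, 4 certificate is for another domain.

check_before_revoke() {
    local cert="$1" key="$2" domain="$3" cert_pub key_pub

    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "cannot read $cert or $key" >&2; return 2; }

    # Public key embedded in the certificate vs. the one derived from the
    # private key. Empty output means the file did not parse.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 3
    fi

    # -checkhost prints "does match" or "does NOT match"; its exit status
    # is 0 either way, so test the text.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "certificate does not cover $domain" >&2; return 4
    fi

    # Show what is about to be revoked so a human can confirm it.
    openssl x509 -in "$cert" -noout -subject -issuer -serial -enddate
}

# Usage: sudo sh check.sh CERT KEY DOMAIN
if [ "$#" -eq 3 ]; then check_before_revoke "$@"; fi
```

A zero exit status with the printed subject, issuer, serial and expiry date means the certificate and key belong together and cover the domain you intend to revoke.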
Revoke a Certificate for example.com
To revoke a Let’s Encrypt certificate for your domain, like example.com, you’ll use a specific command. This command tells Certbot to start the revocation process for the certificate file. Make sure you replace the example paths with the actual location of your certificate and key files.
sudo certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem --key-path /etc/letsencrypt/live/example.com/privkey.pem
Let’s Encrypt typically stores its certificates and corresponding keys in the /etc/letsencrypt/live/example.com/ directory. Remember to replace example.com with the actual domain name for which you issued the certificate.
After running that command, you’ll be asked to confirm that you want to remove the certificate’s directory and folders. Type ‘y’ for yes.
Uninstall Let’s Encrypt | Certbot
If you want to stop using Let’s Encrypt and Certbot entirely, you can uninstall them from your Ubuntu system. This process involves running a couple of commands to remove the software and its related packages. You’ll be asked to confirm the removal, so be ready to type ‘y’ to proceed.
sudo apt update
sudo apt purge letsencrypt && sudo apt purge certbot
After running those commands, you’ll be asked to confirm that you want to remove the listed packages. Type ‘y’ for yes.
Finally, run the command below to remove the Let’s Encrypt directory.
sudo rm -rf /etc/letsencrypt
That should complete the process!
Conclusion:
You’ve now learned how to revoke Let’s Encrypt certificates and uninstall associated packages and directories. If you encounter any issues with these steps, please leave a comment below.
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
key.pem isn’t there but privkey.pem is. What should I do?