How to Revoke Let’s Encrypt Certificates on Ubuntu Linux
You revoke Let’s Encrypt certificates on Ubuntu Linux to immediately disable an SSL/TLS certificate for a domain, making it untrusted by browsers.
Revoking a certificate is crucial if you suspect its private key has been compromised or if you’ve migrated your hosting and no longer manage SSL yourself.
For instance, if you’ve recently moved to a cloud load balancer that handles certificate management, like Google Cloud Load Balancing, you’ll want to revoke your existing Let’s Encrypt certificates.
This process ensures you don’t have overlapping or unnecessary certificates active.
Revoke a Let’s Encrypt certificate by running `sudo certbot revoke --cert-path /etc/letsencrypt/live/your_domain/cert.pem --key-path /etc/letsencrypt/live/your_domain/privkey.pem`. Remove the packages with `sudo apt purge letsencrypt certbot`. Finally, delete the configuration directory using `sudo rm -rf /etc/letsencrypt`.
Validate Certificate file
Before you revoke a Let’s Encrypt certificate, make sure you have the right file. Revoking a certificate is permanent, so once it’s done, it can’t be undone. The certificate authority will then tell browsers not to trust it anymore.
When you revoke a certificate, the certificate authority publishes this information via the Online Certificate Status Protocol (OCSP). Some browsers then check OCSP to verify if they should trust the certificate.
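The check described above, as an added example that is not part of the original guide: these shell functions use openssl to confirm that a certificate file covers the domain you intend and that the private key belongs to it, before both are passed to `certbot revoke`. The function names are hypothetical; the file names in the usage comment follow Certbot's live/ directory, where the private key is stored as privkey.pem.

```shell
# Added example: checks to run before `certbot revoke`.
# Function names are hypothetical; paths follow /etc/letsencrypt/live/<domain>/.

# Print the fields that identify the certificate, for a visual check.
show_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -serial -enddate
}

# True if the certificate is valid for the host name (SAN, or CN when no SAN exists).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True if the private key belongs to the certificate:
# both files must yield the same public key.
cert_matches_key() {
    _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ]
}

# Run every check; return 0 only when the files are the right pair for the host.
preflight_revoke() {
    _cert=$1 _key=$2 _host=$3
    [ -r "$_cert" ] || { echo "cannot read certificate: $_cert" >&2; return 1; }
    [ -r "$_key" ]  || { echo "cannot read private key: $_key" >&2; return 1; }
    show_cert "$_cert" || return 1
    cert_covers_host "$_cert" "$_host" ||
        { echo "certificate does not cover $_host" >&2; return 1; }
    cert_matches_key "$_cert" "$_key" ||
        { echo "private key does not match certificate" >&2; return 1; }
    # An expired certificate is already untrusted; report it but do not fail.
    openssl x509 -in "$_cert" -noout -checkend 0 >/dev/null ||
        echo "note: certificate has already expired" >&2
    echo "OK: $_cert and $_key belong together and cover $_host"
}

# Usage (run as root, since the live/ directory is readable by root only):
#   preflight_revoke /etc/letsencrypt/live/example.com/cert.pem \
#                    /etc/letsencrypt/live/example.com/privkey.pem example.com
```

If `preflight_revoke` reports a mismatch, stop and locate the correct files before revoking, since the revocation cannot be undone.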
Revoke a Certificate for example.com
You can revoke a Let’s Encrypt certificate for your domain, like example.com, using a specific command. This command tells Certbot to start the process for your certificate file. Remember to replace the example paths with the actual location of your certificate and key files.
sudo certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem --key-path /etc/letsencrypt/live/example.com/privkey.pem
Let’s Encrypt typically stores its certificates and corresponding keys in the /etc/letsencrypt/live/example.com/ directory. Remember to replace example.com with the actual domain name for which you issued the certificate.
After running that command, you’ll be asked to confirm that you want to remove the certificate’s directory and folders. Type ‘y’ for yes.
Uninstall Let’s Encrypt | Certbot
You can uninstall Let’s Encrypt and Certbot from your Ubuntu system if you want to stop using them completely. This involves running a couple of commands to remove the software and its related packages. You’ll need to type ‘y’ to confirm the removal when asked.
sudo apt update
sudo apt purge letsencrypt && sudo apt purge certbot
After running those commands, you’ll be asked to confirm that you want to remove the listed packages. Type ‘y’ for yes.
Finally, run the command below to remove the Let’s Encrypt directory. This deletes every certificate, private key, and account file stored under /etc/letsencrypt.
sudo rm -rf /etc/letsencrypt
That should complete the process!
Conclusion:
You’ve now learned how to revoke Let’s Encrypt certificates and uninstall associated packages and directories. If you encounter any issues with these steps, please leave a comment below.
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
key.pem isn’t there but privkey.pem is. What should I do?