
How to Revoke Let’s Encrypt Certificates on Ubuntu Linux

Written by Richard
Nov 6, 2019, updated Mar 16, 2026

This brief tutorial shows students and new users how to revoke Let’s Encrypt SSL/TLS certificates and remove Let’s Encrypt | Certbot packages and directories.

You’d want to revoke an SSL/TLS certificate for many reasons.

If you discover that the corresponding private key to the public certificate is no longer safe, you will want to revoke the certificate and request a new one.

Or if you no longer need to use a particular certificate, you can either let it run until it’s expired or revoke it.

We recently revoked our Let’s Encrypt certificates because we migrated to Google Compute Load Balancer / Cloud CDN.

Before we migrated, we handled all our Let’s Encrypt SSL certificates, including automatic renewal requests. Since the GCP load balancer provides and manages Let’s Encrypt SSL/TLS certificates for hosts, there was no reason to manage ours anymore.

So, we revoked all our certificates and transferred the certificate requests and management to Google.

To revoke Let’s Encrypt SSL/TLS certificates, follow the steps below:

Validate Certificate file

Before you revoke a certificate, you’ll want to validate that you have the correct certificate and key files, since there is no reversal. Once a certificate is revoked, it will never be used again.

When you revoke a certificate, the certificate authority publishes that revocation information through the Online Certificate Status Protocol (OCSP), and some browsers will check OCSP to see whether they should trust a certificate.
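One way to carry out the validation step above with openssl, as an added example that is not part of the original article: it prints the certificate's subject, issuer, serial and expiry, then confirms that the certificate covers the domain and that the private key belongs to it. The function names and script name are illustrative; the paths in the usage comment assume Certbot's default layout with the page's example.com placeholder.

```shell
#!/bin/sh
# Added example: pre-revocation checks with openssl. Function names are
# illustrative; paths follow the page's example.com placeholder.

# Succeeds only if the private key in $2 belongs to the certificate in $1.
# Compares the public key in the certificate with the one derived from the key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate in $1 is valid for hostname $2.
cert_covers_domain() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# Print what is about to be revoked, then run both checks.
# Usage: precheck_revoke DOMAIN CERT KEY
precheck_revoke() {
    openssl x509 -in "$2" -noout -subject -issuer -serial -enddate || return 2
    cert_covers_domain "$2" "$1" || { echo "cert is not for $1" >&2; return 1; }
    cert_matches_key "$2" "$3" || { echo "key does not match cert" >&2; return 1; }
    echo "OK: $2 covers $1 and matches $3"
}

# Run only when called with arguments, e.g.:
#   sudo sh precheck.sh example.com \
#     /etc/letsencrypt/live/example.com/cert.pem \
#     /etc/letsencrypt/live/example.com/privkey.pem
if [ "$#" -eq 3 ]; then
    precheck_revoke "$1" "$2" "$3"
fi
```

A non-zero exit status means the certificate or key is not the one you intended, so stop before running the revoke command.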

Revoke a Certificate for example.com

Now that you know the certificate you want to revoke, simply run the command below to revoke a certificate for the domain example.com:

💻Code
certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem --key-path /etc/letsencrypt/live/example.com/privkey.pem

Let’s Encrypt typically stores its certificates and corresponding keys in the /etc/letsencrypt/live/example.com/ directory. Replace example.com with the domain name the certificate was issued for.

When you run the command above, you’ll get prompted to remove the certificate’s directory and folders. In most cases, you’ll want to type y for yes.

Uninstall Let’s Encrypt | Certbot

You can remove or purge the app and packages from your system if you don’t want to use Let’s Encrypt or Certbot to manage your certificates. To do that, simply run the commands below:

🐧Bash / Shell
sudo apt update
sudo apt purge letsencrypt && sudo apt purge certbot

When you run the commands above, you’ll be prompted to confirm that you want to remove the listed packages. Choose yes.

Finally, run the commands below to remove Let’s Encrypt directories.

🐧Bash / Shell
sudo rm -rf /etc/letsencrypt

That should do it!

Conclusion:

You have learned how to revoke Let’s Encrypt certificates and uninstall and remove packages and directories installed by Let’s Encrypt packages. If you do find issues with the steps above, please comment below:


How do I revoke a Let's Encrypt certificate on Ubuntu?

To revoke a Let's Encrypt certificate on Ubuntu, use the command 'certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem --key-path /etc/letsencrypt/live/example.com/privkey.pem', replacing 'example.com' with your domain name. Ensure you validate the certificate file before revocation, as it cannot be reversed.

What should I do before revoking a Let's Encrypt certificate?

Before revoking a Let's Encrypt certificate, validate that you have the correct certificate and key files. Once revoked, the certificate will not be usable again, and the revocation information will be published through the Online Certificate Status Protocol (OCSP).

Can I uninstall Certbot after revoking my Let's Encrypt certificates?

Yes, you can uninstall Certbot after revoking your Let's Encrypt certificates. Use the commands 'sudo apt purge letsencrypt && sudo apt purge certbot' to remove the packages, and then run 'sudo rm -rf /etc/letsencrypt' to delete the directories.

Why would I need to revoke a Let's Encrypt certificate?

You may need to revoke a Let's Encrypt certificate if the private key is compromised or if you no longer require the certificate. Revocation ensures that the certificate cannot be used for secure connections, protecting your site from potential security risks.

What happens after I revoke a Let's Encrypt certificate?

After revoking a Let's Encrypt certificate, the certificate authority publishes the revocation information, which browsers may check via OCSP. This means that the revoked certificate will no longer be trusted, and you should request a new certificate if needed.


About the Author

Richard

Tech Writer, IT Professional

Richard, the owner and lead writer at Geek Rewind, is a tech enthusiast passionate about simplifying complex IT topics. His years of hands-on experience in system administration and enterprise IT operations have honed his ability to provide practical insights and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
