The removal of ssl certificates (lets encrypt)

Discussion in 'General' started by Yarnell, Jan 24, 2021.

  1. Yarnell

    Yarnell Member

    Good day all,
    While searching around for the file that initiates the installation of an ssl cert I found:
    This file allows me to change the behavior of the cert install.

    Question is... what file initiates the removal of a certificate? I can't
    seem to find anything that relates to revoking a certificate.

  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. user848429

    user848429 New Member

    To remove a certificate, I use

    rm -rf /etc/letsencrypt/live/{DOMAIN}
    rm -rf /etc/letsencrypt/renewal/{DOMAIN}.conf
    rm -rf /etc/letsencrypt/archive/{DOMAIN}
    Yarnell likes this.
  4. Yarnell

    Yarnell Member

    Ahhh, ok, so that would explain why I couldn't find anything. So my next question would be
    What file is responsible for the removal of the certificate within ispconfig?
    (ie. removal from apache config, etc...)
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    When you disabled disable SSL, the vhost is regenerated based on the vhost template. The SSL lines will be left out when it is not enabled.
    Steini86 likes this.
  6. Steini86

    Steini86 Active Member

    As @Th0m said. Just a bit more background:
    If you activate SSL, then the certs in /var/www/clients/clientX/webYY/ssl are used. If you activate LetsEncrypt, the certs are generated and a symlink (certbot) or copy ( is created in that webYY/ssl folder. If you deactivate SSL, the config to use is deactivated, but the certs stay where they are. You can remove them manually or overwrite with your new ones
    Th0m likes this.
  7. Yarnell

    Yarnell Member

    Much thanks for the guidance everyone. I was able to find what I was looking for. It was in the:
    /usr/local/ispconfig/server/plugins-available/ file.
    on line 1338. It is a block of code that controls the ssl columns in the database. I am able to use that to automate my own updates.

Share This Page