Removal of old Let's Encrypt certificates

NethServer Version: 7.9.2009

  1. I have expanded a certificate with an additional domain name and NS created a new one ending in -0001. Can this be prevented?
  2. The directories /etc/letsencrypt/live/ and /etc/letsencrypt/renewal/ contain lots of old certificates which are not displayed in the NS GUI. Can these be deleted safely? Are there other references to these old certificates which have to be removed?

It can be prevented if you’re obtaining the cert at the command line, using the --cert-name and --expand directives. I don’t believe there’s a way to do it through the GUI, though.

There shouldn’t be any certs in either place–/live/ should have only symlinks to actual cert files (which should be in /archive/), while /renewal/ should have only the renewal configuration files. But if those other certs aren’t showing in the GUI, and you aren’t otherwise using them elsewhere, there shouldn’t be any problem doing certbot delete --cert-name blah to delete them.

2 Likes
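The layout described in the answer above can be checked before deleting anything. The following read-only audit is an added example, not part of the original thread or of NethServer or certbot; the function name `audit_le_dir` is hypothetical, and it assumes the standard certbot layout (`live/<name>/*.pem` symlinked into `archive/`, `renewal/<name>.conf`) and that duplicate lineages carry a four-digit suffix such as -0001.

```shell
#!/bin/sh
# Added example: read-only audit of a certbot configuration directory.
# Prints one line per lineage: "<name> <primary|duplicate> <status>".
# Nothing is modified or deleted.

audit_le_dir() {
    base=${1:-/etc/letsencrypt}
    for dir in "$base"/live/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        status=ok
        # Every lineage in live/ should have a matching renewal config.
        [ -f "$base/renewal/$name.conf" ] || status=no-renewal-conf
        for pem in cert chain fullchain privkey; do
            f="$dir$pem.pem"
            if [ ! -L "$f" ]; then
                status=not-a-symlink      # real file where a symlink belongs
            elif [ ! -e "$f" ]; then
                status=dangling-symlink   # target in archive/ is missing
            fi
        done
        # A -NNNN suffix marks a duplicate lineage (e.g. example.org-0001).
        case $name in
            *-[0-9][0-9][0-9][0-9]) dup=duplicate ;;
            *) dup=primary ;;
        esac
        printf '%s %s %s\n' "$name" "$dup" "$status"
    done
    # Renewal configs left behind without a live/ directory.
    for conf in "$base"/renewal/*.conf; do
        [ -f "$conf" ] || continue
        name=$(basename "$conf" .conf)
        [ -d "$base/live/$name" ] || printf '%s - orphan-renewal-conf\n' "$name"
    done
}
```

Called with no argument, `audit_le_dir` inspects /etc/letsencrypt. A lineage it reports as a duplicate that no service references is a candidate for `certbot delete --cert-name`, as described in the answer.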