Hi everyone,
Does anyone know how I can remove a certificate that I uploaded. All I can do is set the default but I would actually like to remove and there is no way to do that from the Cockpit.
Thanks
Hi everyone,
Does anyone know how I can remove a certificate that I uploaded. All I can do is set the default but I would actually like to remove and there is no way to do that from the Cockpit.
Thanks
Hi Patrick,
I’ve found the following solution from @federico.ballarini:
If you don’t have a letsencrypt, perhaps he has another idea too.
If they’re certs from Let’s Encrypt, the easy answer would be certbot delete --cert-name whatever.yourdomain.tld
.
I would love a way to delete expired certificates.
Or even better, a script that updates an existing certifciate and puts it where it needs to be and restarts all affected services. That way I don’t need to upload a new cert every three months. (I use LetsEncrypt domain certificate on another computer and move it where it’s needed).
Um, why?
signal-event certificate-update
Replacing a certificate every three months ends up with a lot of expired certificates that clutter up the display
Gerald
No, you really don’t. Just put the files somewhere consistent, do
config setprop pki CrtFile /etc/pki/tls/certs/cert.pem
config setprop pki ChainFile /etc/pki/tls/certs/chain.pem
config setprop pki KeyFile /etc/pki/tls/private/privkey.pem
substituting the paths with whatever you want. Then run signal-event certificate-update
. It will make any necessary copies, set any necessary permissions, and restart or reload any services that use the cert. When renewal time hits, overwrite the old files and run signal-event certificate-update
again. Scripting this on a remote host would be trivial. And as a bonus, since the file names aren’t changing, it stays as a single entry in the server-manager.
Also consider obtaining and renewing the cert on the Neth box itself. If it isn’t exposed to the Internet, you could consider DNS validation instead. See:
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_acme-dns
Sorry, didn’t get the chance to come back to this any sooner. If I go in the folder where the certs are stored, can I just delete the useless certs? If so, in what folder are they?
I would look at /etc/pki/tls/certs/
, but I can’t check at the moment.
I recommend you to move the files, not to delete at the first step. If everything is, you can remove them.
Thanks! I’ll give that a try!
I completely forgot to try this. Just did, I moved the certs but they are still showing in the list. Perhaps I need to reboot.
I found the solution. Under /etc/pki/tls, there is private folder where the keys are stored. What I did was, moved the keys in a temporary folder, did the same for the certs and then the certificates are now gone from the list!!!
I wish NethServer would simply just have a way for us to remove certs directly or at at least move them in another view, and expired ones in a separate view as well.
I think this is a good idea. Why don’t you do a feature request.
cc: @dev_team
PS: Please mark this topic as solved.