Removing Certificate

Hi everyone,

Does anyone know how I can remove a certificate that I uploaded? All I can do is set the default, but I would actually like to remove it, and there is no way to do that from the Cockpit.

Thanks

Hi Patrick,
I’ve found the following solution from @federico.ballarini:

  • created an “old-certificates” directory in /etc/letsencrypt/
  • moved /etc/letsencrypt/live/* into old-certificates
  • the same operation for “renewal” directory

If you don’t have a letsencrypt, perhaps he has another idea too.

If they’re certs from Let’s Encrypt, the easy answer would be certbot delete --cert-name whatever.yourdomain.tld.

3 Likes

I would love a way to delete expired certificates.

Or even better, a script that updates an existing certificate and puts it where it needs to be and restarts all affected services. That way I don’t need to upload a new cert every three months. (I use LetsEncrypt domain certificate on another computer and move it where it’s needed).

Um, why?

signal-event certificate-update

  1. Why delete expired?

Replacing a certificate every three months ends up with a lot of expired certificates that clutter up the display.

  2. Awesome! I know I have to copy my new certs into /etc/pki/tls/certs/ and /etc/pki/tls/private/. Is there any place else the uploaded cert gets placed?

Gerald

No, you really don’t. Just put the files somewhere consistent, do

config setprop pki CrtFile /etc/pki/tls/certs/cert.pem
config setprop pki ChainFile /etc/pki/tls/certs/chain.pem
config setprop pki KeyFile /etc/pki/tls/private/privkey.pem

substituting the paths with whatever you want. Then run signal-event certificate-update. It will make any necessary copies, set any necessary permissions, and restart or reload any services that use the cert. When renewal time hits, overwrite the old files and run signal-event certificate-update again. Scripting this on a remote host would be trivial. And as a bonus, since the file names aren’t changing, it stays as a single entry in the server-manager.

Also consider obtaining and renewing the cert on the Neth box itself. If it isn’t exposed to the Internet, you could consider DNS validation instead. See:
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_acme-dns

3 Likes
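A sketch of the renewal step described in the post above, as an added example that is not part of the original thread or NethServer's own tooling. It assumes the renewed cert.pem, chain.pem and privkey.pem arrive in a staging directory and that openssl is installed; DEST_ROOT and NOTIFY are hypothetical overrides for dry runs. It refuses to overwrite the live files if the certificate is expired or does not match the key.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes "config setprop pki ..." was run once
# with the paths shown above, and that the renewed cert.pem, chain.pem and privkey.pem
# arrive in a staging directory. DEST_ROOT and NOTIFY are hypothetical dry-run overrides.
DEST_ROOT="${DEST_ROOT:-}"
NOTIFY="${NOTIFY:-signal-event certificate-update}"

# True only if the certificate and the private key carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# Write to a temporary name, then rename, so a service never reads a half-written file.
put() { install -m "$1" "$2" "$3.new" && mv -f "$3.new" "$3"; }

# Validate the staged files, overwrite the fixed paths, then let NethServer reload.
deploy_cert() {
    src=$1
    for f in cert.pem chain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 2; }
    done
    openssl x509 -in "$src/cert.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate is expired or unreadable" >&2; return 3; }
    cert_matches_key "$src/cert.pem" "$src/privkey.pem" 2>/dev/null ||
        { echo "certificate and private key do not match" >&2; return 4; }
    certs="$DEST_ROOT/etc/pki/tls/certs"
    private="$DEST_ROOT/etc/pki/tls/private"
    mkdir -p "$certs" "$private" || return 5
    put 0644 "$src/cert.pem" "$certs/cert.pem" &&
        put 0644 "$src/chain.pem" "$certs/chain.pem" &&
        put 0600 "$src/privkey.pem" "$private/privkey.pem" || return 5
    $NOTIFY
}

# Usage: sh deploy-cert.sh --deploy /root/new-cert
if [ "${1:-}" = "--deploy" ]; then
    deploy_cert "${2:?staging directory required}"
fi
```

Because the destination file names never change, each renewal overwrites the same three files and the certificate list keeps a single entry.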

Sorry, didn’t get the chance to come back to this any sooner. If I go in the folder where the certs are stored, can I just delete the useless certs? If so, in what folder are they?

I would look at /etc/pki/tls/certs/, but I can’t check at the moment.
I recommend that you move the files rather than delete them as a first step. If everything is OK, you can remove them.

Thanks! I’ll give that a try! 🙂

I completely forgot to try this. Just did, I moved the certs but they are still showing in the list. Perhaps I need to reboot.

I found the solution. Under /etc/pki/tls, there is a private folder where the keys are stored. What I did was move the keys into a temporary folder and do the same for the certs, and the certificates are now gone from the list!!!

I wish NethServer would simply have a way for us to remove certs directly, or at least move them to another view, with expired ones in a separate view as well.

1 Like

I think this is a good idea. Why don’t you do a feature request?
cc: @dev_team

PS: Please mark this topic as solved.

1 Like