How to Remove Old Domains from Certbot's Automatic Renewal on Your Server
August 18, 2024
Introduction
Using Certbot to manage and automatically renew SSL certificates is a common practice in server administration. However, problems can arise when a domain that is no longer on your server continues to be part of the automatic renewal process. In this article, I’ll show you how to remove those old domains so that Certbot stops trying to renew them, helping you avoid unnecessary errors.
Step 1: Identify the Problematic Domain
The first step is to identify the domain causing issues during the automatic renewal. This domain typically appears in Certbot error messages, indicating that it cannot be renewed.
Step 2: Remove the Renewal Configuration File
Each domain managed by Certbot has a renewal configuration file located in /etc/letsencrypt/renewal/. To remove a domain from automatic renewal, you need to delete its corresponding configuration file. Use the following command:
sudo rm /etc/letsencrypt/renewal/domain_name.conf
Replace domain_name.conf with the name of the file corresponding to your domain.
Step 3: Delete Associated Certification Folders (Optional)
If you no longer need the old certificates for the removed domain, you can also delete the associated certification folders to free up space on your server. This step is optional but recommended if you no longer use the domain. The commands to do this are:
sudo rm -rf /etc/letsencrypt/live/domain_name
sudo rm -rf /etc/letsencrypt/archive/domain_name
Step 4: Review Your Web Server Configuration
It’s important to ensure that there are no references to the removed domain in your web server’s configuration (such as Apache or Nginx). Check the configuration files in /etc/apache2/sites-available/ and /etc/apache2/sites-enabled/ (for Apache) and remove any references to the domain.
Step 5: Manually Run the Renewal
Once the unnecessary files and folders have been removed, you can attempt to run the renewal again for the other domains you still use. Use the following command:
sudo certbot renew
This should renew only the domains that are still configured on your server, avoiding errors related to old domains.
Conclusion
Keeping your server clean and well-configured is crucial to avoid issues with Certbot’s automatic renewal. By following these steps, you can remove old domains and ensure that Certbot only renews the certificates you actually need. This will save you time and potential complications in managing your SSL certificates.