Let's look more closely at how to use certbot to delete the certificate from Apache. We can provide you with a thorough explanation of how to delete the certificate with the aid of our Server support services at Skynats.

Using SSL/TLS certificates to secure websites has become a necessity for protecting sensitive data against interception and unauthorized access. Certbot is an open-source application that automates the acquisition and renewal of SSL/TLS certificates. It can be used with Apache, Nginx, and other web servers. Sometimes a previously installed certificate needs to be removed from a website. This might occur if the website no longer requires SSL/TLS security or if you want to switch out the current certificate for a new one. In this article, we'll go over how to uninstall a Certbot-obtained certificate from an Apache web server.

Let's briefly explore how Certbot integrates with Apache before moving on to the procedure for deleting a certificate. Certbot communicates with the Apache web server using the Apache plugin. The plugin adds configuration files to the Apache web server and creates a virtual host for the SSL/TLS-secured website. A Certificate Authority (CA) issues SSL/TLS certificates to Certbot, which then stores them on the Apache web server. The SSL/TLS certificates you get from Certbot have an expiration date and must be renewed regularly. Certbot automatically renews a certificate before its expiration date so that websites can continue to use SSL/TLS encryption without experiencing any downtime.

Use these instructions to delete a certificate obtained using Certbot from an Apache web server:

Step 1: Terminate the Apache service.

Stopping the Apache service is the first step in deleting a certificate installed on an Apache web server using Certbot. This step is crucial since the removal of the certificate requires the deletion of data related to the website, such as configuration files and SSL/TLS certificate files. When the Apache service is stopped, all locked or active files are released, making it simpler to delete the files.

You must use the following command to terminate the Apache service:

This command stops the Apache service on your server. After you run it, the Apache service will stop functioning, and until the Apache service is restarted, no websites hosted on your server will be accessible.

It is important to remember that stopping the Apache server can result in a brief disruption in the accessibility of websites. Nevertheless, this interruption is required to ensure that the certificate removal procedure is effective.

You can start the certificate removal process after stopping the Apache service. However, keep in mind that once the certificate removal procedure is finished, you must restart the Apache service. You can use the next command to restart the Apache service:

All websites hosted on your server will once again be accessible after running this command, which will restart the Apache service.

Step 2: Locate the certificate that has to be deleted

The next step in removing a certificate obtained using Certbot from an Apache web server is to identify the certificate that has to be deleted after the Apache service has been stopped. Each domain for which Certbot obtains a certificate has its own directory, and each certificate is given a different name.

Use the following command to view the list of certificates installed on the Apache web server:

This command shows the certificates installed on the Apache web server, together with their expiration dates and the domains they protect. Note the name of the certificate that has to be deleted.

You must be aware of a certificate's name in order to remove it. Each certificate is given a distinct name by Certbot based on the domain name for which it was issued. The "Certificate Name" column of the sudo certbot certificates command's output contains the name of the certificate.

For instance, if you want to remove the certificate for the domain "example.com", its certificate name might be "example.com-0001". Running the next command would delete this certificate:

The --cert-name option in this command specifies the name of the certificate to be deleted. The name of the certificate you want to delete should be used in place of "example.com".

If you're unsure which certificate to delete, you can check the contents of the directory where Certbot stores the certificates for your Apache web server. These files are located by default in /etc/letsencrypt/live/. Inside this directory there is a subdirectory for each domain for which a certificate has been issued. Each subdirectory contains the certificate files, including the certificate itself (cert.pem), the private key (privkey.pem), and the certificate chain (chain.pem).

To find the certificate that has to be deleted, it is advised that you use the sudo certbot certificates command because it is more precise and dependable.

Step 3: Delete the Certificate

The final step in deleting a certificate received from Certbot on an Apache web server is to actually delete the certificate after you have determined which certificate has to be removed.

Use the sudo certbot delete command, followed by the name of the certificate that has to be deleted, to remove it. To remove the certificate for the domain "example.com," for instance, you would use the command below:

This command deletes the selected domain's certificate and all related files. Note that Certbot will ask you to confirm the removal of the certificate before moving further, to prevent you from inadvertently deleting the wrong certificate.

The certificate files will be deleted from the directory where they are kept (by default, /etc/letsencrypt/live/) when you issue the sudo certbot delete command. It will also delete the /etc/apache2/sites-available/ directory's Apache virtual host configuration file, which is linked to the certificate.

It might be necessary to manually remove the relevant configuration files from the /etc/apache2/sites-available/ directory if you have many virtual hosts set up for the same domain. By scanning each file for the SSLCertificateFile and SSLCertificateKeyFile directives, you can determine which files are affected.
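One way to run the scan described above, as an added example that is not part of the original article: it lists every SSLCertificateFile and SSLCertificateKeyFile directive that points at one certificate name, because Apache will not start while a directive references a certificate file that no longer exists. The function names and the sample vhost files are constructed for illustration; the default path /etc/letsencrypt/live is the one given in the article.

```shell
#!/usr/bin/env bash
# Added example: list Apache SSL directives that point at one Certbot certificate name.
# usage: find_cert_refs SITES_DIR CERT_NAME [LIVE_DIR]
find_cert_refs() {
    local sites_dir cert_name live_dir prefix f
    sites_dir=$1; cert_name=$2; live_dir=${3:-/etc/letsencrypt/live}
    prefix="${live_dir%/}/${cert_name}/"
    for f in "$sites_dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v prefix="$prefix" -v file="${f##*/}" '
            /^[ \t]*#/ { next }                  # ignore commented-out directives
            {
                d = tolower($1)                  # directive names are case-insensitive
                if (d != "sslcertificatefile" && d != "sslcertificatekeyfile") next
                path = $2
                gsub(/^"|"$/, "", path)          # strip optional quotes
                # Match the whole directory name, so "example.com" does not
                # also match the separate certificate "example.com-0001".
                if (index(path, prefix) == 1)
                    printf "%s:%d: %s %s\n", file, NR, $1, path
            }' "$f"
    done
}

# Constructed sample vhost files (hypothetical names, not from a real server).
make_sample_sites() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/example.com-le-ssl.conf" <<'EOF'
<VirtualHost *:443>
    ServerName example.com
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
EOF
    cat > "$dir/shop-le-ssl.conf" <<'EOF'
<VirtualHost *:443>
    ServerName shop.example.com
    sslcertificatefile "/etc/letsencrypt/live/example.com-0001/fullchain.pem"
    # SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
EOF
    printf '%s\n' "$dir"
}

sites=$(make_sample_sites)
find_cert_refs "$sites" example.com   # reports the two directives in example.com-le-ssl.conf
rm -rf "$sites"
```

On a real server, point the first argument at /etc/apache2/sites-available and run the scan before deleting the certificate, so the listed files can be edited or removed first.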

You can restart the Apache service to ensure that the modifications take effect after removing the certificate and any related files. You can use the next command to restart the Apache service:

All websites hosted on your server will once again be accessible after running this command, which will restart the Apache service.

It is crucial to remember that deleting a certificate could temporarily reduce a website's accessibility. This is because the website's HTTPS connections are no longer secured, and some users' web browsers may show a warning message. To reduce any downtime if you intend to replace the certificate with a new one, it is advised that you first obtain and install the new certificate.

Step 4: Restart the Apache service

You must restart the Apache web server after removing the certificate for the modifications to take effect. The systemctl command, which is available in Ubuntu and other Linux distributions, can be used to manage system services.

You can use the next command to restart the Apache service:

This command stops the Apache service and then starts it again. When the service starts up, the revised configuration files are loaded and any modifications are applied. This makes sure that any changes to the SSL/TLS setup have taken effect and that the websites hosted on the server are once again accessible.

Keep in mind that restarting the Apache service can create a small gap in the accessibility of websites. Users might not be able to access the website while the service is being stopped and restarted. The duration of this brief break ought to be kept to a minimum.

In some circumstances, you might only need to reload the Apache configuration without restarting the complete service. To do this, use the command below:

This command refreshes the Apache settings without halting and restarting the entire service. This can be helpful if you have modified the Apache configuration but do not want a restart to affect website accessibility.

Step 5: Check the Removal

It is crucial to confirm that the certificate has been successfully deleted and that the website is still reachable after deleting the certificate and restarting the Apache server.

You can use the following command to confirm that the certificate has been removed:

This command will list every certificate that has been obtained on the server using Certbot. The certificate shouldn't appear in the output of this operation if it has been correctly deleted. If the certificate is still shown, the removal procedure might not have been effective, and you might need to go through the process again to make sure the certificate has been correctly deleted.

In addition to checking the output of the certbot certificates command, you can try to access the website in a web browser. If the website is still reachable over HTTPS, it can mean that the old certificate is still being used. In this situation, you might need to clear the browser's cache or try visiting the website from a different browser to make sure the updated configuration is being used.

As a final precaution, test the website's SSL/TLS settings with an SSL checker tool such as SSL Labs (https://www.ssllabs.com/ssltest/). This tool examines the website's SSL/TLS settings and produces a report on its compatibility and security. By performing this test, you can check that the website is still secure and that the SSL/TLS configuration has been updated correctly.
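A file-level check to go with the verification steps above, as an added example that is not part of the original article: it reports anything that remains of a certificate on disk, including surviving private key files. It assumes Certbot's standard layout under /etc/letsencrypt (live/, archive/ and renewal/); the function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report what is left of a Certbot certificate after deletion.
# usage: cert_leftovers CERT_NAME [LE_ROOT]   (exit status 0 = nothing remains)
cert_leftovers() {
    local name root found p
    name=$1; root=${2:-/etc/letsencrypt}; root=${root%/}; found=0
    # Certbot keeps symlinks in live/, the real files in archive/,
    # and the renewal settings in renewal/<name>.conf.
    for p in "$root/live/$name" "$root/archive/$name" "$root/renewal/$name.conf"; do
        if [ -e "$p" ] || [ -L "$p" ]; then
            echo "still present: $p"
            found=1
        fi
    done
    # Private keys are the sensitive part: list every copy that survived.
    if [ -d "$root/archive/$name" ]; then
        find "$root/archive/$name" -name 'privkey*.pem' | sort | sed 's/^/private key: /'
    fi
    return "$found"
}

# Constructed sample tree (not a real server): two certificates are created,
# then a completed deletion of "example.com" is simulated.
make_sample_root() {
    local root n
    root=$(mktemp -d)
    for n in example.com example.com-0001; do
        mkdir -p "$root/live/$n" "$root/archive/$n" "$root/renewal"
        : > "$root/archive/$n/privkey1.pem"
        : > "$root/renewal/$n.conf"
    done
    rm -rf "$root/live/example.com" "$root/archive/example.com" \
           "$root/renewal/example.com.conf"
    printf '%s\n' "$root"
}

root=$(make_sample_root)
cert_leftovers example.com "$root" && echo "example.com: fully removed"
cert_leftovers example.com-0001 "$root" || echo "example.com-0001: still on disk"
rm -rf "$root"
```

Reading /etc/letsencrypt on a real server requires root privileges.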

Conclusion

On an Apache web server, removing a certificate obtained with Certbot is a simple procedure. The procedure entails halting the Apache service, determining which certificate has to be deleted, deleting it with the Certbot command, restarting the Apache service, and confirming the certificate removal. Certbot is a crucial tool for web server administrators since it makes acquiring and administering SSL/TLS certificates easier.

In conclusion, we learned how to delete the certificate from Apache using certbot. With the assistance of our Server support services at Bobcares, we have now seen how to delete the certificate.