Let’s Encrypt/Certbot移除/remove/revoke不須要的域名證書

 

1.首先確認你的證書再也不須要，若是有必要，請執行下面的命令進行備份

cp /etc/letsencrypt/ /etc/letsencrypt.backup -r

2.撤銷證書而後刪除證書

[root@localhost certbot-0.34.2]# certbot revoke ####這個是撤銷命令，執行這命令下面會報錯要讓我指定變量位置
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error! Exactly one of --cert-path or --cert-name must be specified!
You have new mail in /var/spool/mail/root
[root@localhost certbot-0.34.2]# certbot revoke --cert-path /etc/letsencrypt/archive/pazzn.com/c
cert1.pem   cert2.pem   chain1.pem  chain2.pem  
[root@localhost certbot-0.34.2]# certbot revoke --cert-path /etc/letsencrypt/archive/pazzn.com/cert
cert1.pem  cert2.pem  
[root@localhost certbot-0.34.2]# certbot revoke --cert-path /etc/letsencrypt/archive/pazzn.com/cert1.pem ###撤銷這個cert1.pem證書，通常默認都是我這個位置
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you like to delete the cert(s) you just revoked, along with all earlier
and later versions of the cert?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es (recommended)/(N)o: y ##肯定撤銷
[root@localhost certbot-0.34.2]# certbot delete ###刪除證書
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: pazzn.com-0001
2: pazzn.com-0002
3: pazzn.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate pazzn.com-0001.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have new mail in /var/spool/mail/root
[root@localhost certbot-0.34.2]# certbot delete
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: pazzn.com-0002
2: pazzn.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate pazzn.com-0002.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@localhost certbot-0.34.2]# certbot delete
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: pazzn.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate pazzn.com.  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@localhost certbot-0.34.2]# certbot delete ###刪除完後再次執行就會說沒有證書文件了，根據本身須要刪除域名指定證書
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No existing certificates found.
[root@localhost certbot-0.34.2]# certbot revoke
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error! Exactly one of --cert-path or --cert-name must be specified!
You have new mail in /var/spool/mail/root

 3.弄完證書後還得刪除在nginx.conf配置文件中的ssl配置內容，否則沒有了證書，通常就報404什麼的了，因此必定要刪除

刪除後記得重啓nginx服務，網頁就撤銷證書了。

[root@localhost ~]# systemctl restart nginx.service
[root@localhost ~]# 

最後如圖已經撤銷：

 

參考連接：https://www.jesusamieiro.com/remove-revoke-a-domain-in-lets-encrypt/