Notifications about certificate renewal errors have started arriving for some dev domains, so the unused certificates need to be removed.
The documentation is here>>>.
Everything is in the help output:
[simterm]
# /opt/letsencrypt/letsencrypt-auto -h
...
manage certificates:
    certificates    Display information about certificates you have from Certbot
    revoke          Revoke a certificate (supply --cert-path)
    delete          Delete a certificate
...
[/simterm]
Check the list of existing certificates:
[simterm]
# /opt/letsencrypt/letsencrypt-auto certificates | grep -A 4 -e global-e-shop.domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/global-e-shop.domain.com/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/preview.jm-website-sw-dev.domain.ms/cert.pem is unknown
  Certificate Name: global-e-shop.domain.com
    Domains: global-e-shop.domain.com
    Expiry Date: 2017-10-31 08:28:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/global-e-shop.domain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/global-e-shop.domain.com/privkey.pem
[/simterm]
So here are the two certificates; their DNS records no longer exist:
Revocation status for /etc/letsencrypt/live/global-e-shop.domain.com/cert.pem is unknown
Revocation status for /etc/letsencrypt/live/preview.jm-website-sw-dev.domain.ms/cert.pem is unknown
Call letsencrypt-auto with the revoke option and pass it the path to the certificate file; once the certificate is revoked, Let's Encrypt will offer to delete all the files related to it:
[simterm]
# /opt/letsencrypt/letsencrypt-auto revoke --cert-path /etc/letsencrypt/archive/global-e-shop.domain.com/cert1.pem
Saving debug log to /var/log/letsencrypt/letsencrypt.log
--------------------------------------------------------------------------
Would you like to delete the cert(s) you just revoked?
--------------------------------------------------------------------------
(Y)es (recommended)/(N)o: (Y)es (recommended)/(N)o: y
--------------------------------------------------------------------------
Deleted all files relating to certificate global-e-shop.domain.com.
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Congratulations! You have successfully revoked the certificate that was located
at /etc/letsencrypt/archive/global-e-shop.domain.com/cert1.pem
--------------------------------------------------------------------------
[/simterm]
Done.
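A read-only helper for the listing step above, added here as an example and not part of the original post: it reads the text output of the `certificates` subcommand and prints only the entries marked `INVALID: EXPIRED`, together with the `cert.pem` path in each certificate's live directory. The function names and the second sample entry (`valid.example.com`) are constructed for illustration.

```shell
#!/bin/sh
# Reads `letsencrypt-auto certificates` text output on stdin and prints,
# for every expired certificate, one tab-separated line:
#   <certificate name> <expiry date> <path to cert.pem in the live directory>
# It only reports candidates for review; it does not revoke or delete anything.
expired_certs() {
    awk '
        /Certificate Name:/ { name = $NF; expired = 0 }
        /Expiry Date:/ {
            date = $3                               # fields: Expiry Date: <date> <time> (...)
            expired = ($0 ~ /INVALID: EXPIRED/)
        }
        /Certificate Path:/ && expired {
            dir = $NF
            sub(/\/[^\/]*$/, "", dir)               # strip the file name (fullchain.pem)
            print name "\t" date "\t" dir "/cert.pem"
        }
    '
}

# Constructed sample input: the first entry is copied from the output above,
# the second is a made-up certificate that is still valid.
sample_output() {
    cat <<'EOF'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
  Certificate Name: global-e-shop.domain.com
    Domains: global-e-shop.domain.com
    Expiry Date: 2017-10-31 08:28:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/global-e-shop.domain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/global-e-shop.domain.com/privkey.pem
  Certificate Name: valid.example.com
    Domains: valid.example.com
    Expiry Date: 2018-03-01 10:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/valid.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/valid.example.com/privkey.pem
EOF
}

# Against a real install (path as used on this page):
#   /opt/letsencrypt/letsencrypt-auto certificates 2>/dev/null | expired_certs
if [ "${1:-}" = "--demo" ]; then
    sample_output | expired_certs
fi
```

Run the script with `--demo` to see the result for the embedded sample; each reported line is a candidate to check by hand before running `revoke` as shown above.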