How to list, renew and delete Certbot certificates

Dec 03, 2021 · 1 min read · Post a comment

Managing Certbot certificates is often an underlooked operation since Certbot handles cert renewal automatically using a cronjob, so no worries there. But, what if we want to list which certificates are already installed, or we want to remove some of them properly. Today’s topic is all about listing, renewing and removing Certbot certificates.


  • Web server
  • Certbot
  • sudo privileges

Renew certificates

Step 1. List certificates.

sudo certbot certificates

Step 2. Renew a single certificate.

sudo certbot renew --cert-name <insert_cert_name_listed_from_step_1_here>

Note(s): You could also add --dry-run at the end of the renew command just to make sure you know what you are doing.

Step 3. Finally, restart the web server Nginx/Apache, whatever you are using Certbot with.

sudo systemctl restart nginx
sudo systemctl restart httpd

Delete certificates

Step 1. Basically, the same step as Step 1 in Renew certificates section.

sudo certbot certificates

Step 2. Delete a single certificate.

sudo certbot delete --cert-name <insert_cert_name_listed_from_step_1_here>

If you want to remove it in a more interactive way:

sudo certbot delete

Step 3. Don’t forget to remove the Certbot generated web server’s configuration leftover lines for the related/unwanted domain. The configuration block looks something like the following:

server {
    server_name test.com;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


In case you missed some of the other Certbot related posts, you can find them here. Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.