Removing Old Let’s Encrypt Files

New Let’s Encrypt certificates created since InterWorx version 7.12.0 are now located in /etc/acmephp instead of /etc/letsencrypt.

Generally, Let’s Encrypt certificates that were created prior to upgrading to version 7.12.x were converted to AcmePHP during the upgrade process. Those certificates are also now located in /etc/acmephp.

Because of these changes, the /etc/letsencrypt directory and its containing files are often no longer needed on servers running at least InterWorx version 7.12.0.

As of version 7.12.10, it is possible to check from the CLI whether it is safe to remove the /etc/letsencrypt directory and its related files.

To Check if it is Safe to Remove /etc/letsencrypt

  1. Log in to the server at the CLI as root, either via SSH or from the terminal

  2. Run the following command:

    ~iworx/bin/certbot-check.pex

    • The following output means that it is safe to remove /etc/letsenrypt, as the Let’s Encrypt SSL Certificates are now all located under /etc/acmephp:

      [root@server ~]# ~iworx/bin/certbot-check.pex
No domains appear to be using certificates generated by certbot. If you have not added any custom certificates outside of InterWorx through certbot, you should be safe to cleanup /etc/letsencrypt.
[root@server ~]#

    • The following output means that there are still some Let’s Encrypt SSL certificates in use that are located in /etc/letsencrypt, so it is not safe to remove that directory:

      [root@server ~]# ~iworx/bin/certbot-check.pex
The following domains appear to be using certbot certificates:
domain.com
[root@server ~]#