Cleaning up old certificates

After some time of using Caddy in production with automatic certificates, I can imagine the certificate and staple paths will become full of old certs. Is it just a case of removing the folders from the storage path?

/opt/caddy/ssl/acme/acme-v01.api.letsencrypt.org/domainname.org
/opt/caddy/ssl/ocsp/domainname.org-*

Caddy will clean up old OCSP staples, but as of yet we don’t delete old certificates (technical reasons, as we prepare to integrate TLS storage plugins).

If you delete the certificate folders, that should be fine; Caddy will just request new ones. But don’t do that for live sites. :wink: For OCSP staples, it’s safe to delete those files, but again, Caddy should be cleaning those up over time.

Cool. I’ll leave them for now, they don’t exactly weigh much, I was just thinking I might not want Caddy renewing loads of certs that aren’t being used any more.

A post was split to a new topic: Cleaning up on-demand certificates