alex / letsencrypt-aws

BSD 3-Clause "New" or "Revised" License

Remove Old SSL Certificate(s) after new one is successfully applied #72

Open bateller opened 8 years ago

bateller commented 8 years ago

After a while you'll have a bunch of old certificates in your list. No reason this shouldn't be tidied up automatically.

It should delete the prior installed certificate right after the new certificate is successfully applied to the ELB.

This can be done with AWS CLI: http://docs.aws.amazon.com/cli/latest/reference/iam/delete-server-certificate.html

E.g.

aws iam delete-server-certificate --server-certificate-name "32192372168017-2016-10-18-www_mydomain_com-mydomain_com"

alex commented 8 years ago

Hmmm, so this is a challenge: we want to leave recent old certs so people can roll back if necessary. I think the best thing would be a "prune-old-certs" command?

bateller commented 7 years ago

@alex That makes sense. Or keep a rolling # of old certificates (delete if >3 for example).
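
Added example, not part of the thread or of the letsencrypt-aws code base: one way to pick deletion candidates for the rolling-retention idea discussed above, keeping the newest `keep` certificates per group and never touching one still attached to a listener. The name layout `<prefix>-<YYYY-MM-DD>-<hosts>` is an assumption inferred from the single name quoted in the issue; `select_prunable`, `SAMPLE` and `IN_USE` are hypothetical names, and the sample data is constructed.

```python
import re
from collections import defaultdict
from datetime import date

# Assumed layout, inferred from the single name quoted in the issue:
#   <prefix>-<YYYY-MM-DD>-<hosts>
NAME_RE = re.compile(r"^(?P<prefix>.+?)-(?P<day>\d{4}-\d{2}-\d{2})-(?P<hosts>.+)$")


def select_prunable(cert_names, in_use, keep=3):
    """Return the names that may be deleted, sorted by name.

    Keeps the `keep` newest certificates per (prefix, hosts) group so a
    rollback stays possible, and never returns a name listed in `in_use`
    (certificates still attached to a load balancer listener).
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    groups = defaultdict(list)
    for name in cert_names:
        m = NAME_RE.match(name)
        if m is None:
            continue  # not created by this naming scheme: leave it alone
        try:
            day = date.fromisoformat(m.group("day"))
        except ValueError:
            continue  # date-shaped but invalid: leave it alone
        groups[(m.group("prefix"), m.group("hosts"))].append((day, name))

    prunable = []
    for members in groups.values():
        members.sort(reverse=True)  # newest first
        prunable += [n for _, n in members[keep:] if n not in in_use]
    return sorted(prunable)


# Constructed sample data; only the shape of the names comes from the issue.
BASE = "32192372168017-{}-www_mydomain_com-mydomain_com"
SAMPLE = [BASE.format(d) for d in (
    "2016-04-18", "2016-06-18", "2016-08-18", "2016-10-18", "2016-12-18")]
SAMPLE += ["32192372168017-2016-10-18-api_mydomain_com", "legacy-wildcard"]
IN_USE = {BASE.format("2016-06-18")}  # listener was rolled back to this one

if __name__ == "__main__":
    for name in select_prunable(SAMPLE, IN_USE, keep=3):
        print("would delete:", name)
```

Each returned name would then be passed to the `delete-server-certificate` call linked in the issue; building `in_use` from the live listener configuration just before deleting keeps a rolled-back certificate from being removed.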