DenMurphy
By:
DenMurphy

How can I uninstall a manually installed Comodo SSL certificate from Ubuntu Nginx App managed by ServerPilot?

May 30, 2017 253 views
Nginx WordPress Ubuntu 16.04

I have configured a Droplet with Ubuntu v16.04 running nginx, with ServerPilot managing an App to run a Wordpress Installation.

I recently installed a Comodo SSL certificate manually, but want to remove this as I have setup Cloudflare and want to use that service instead of the manual certificate to manage my SSL for me. They also provide a wildcard SSL which I currently do not have with the manually installed Comodo certificate and I would like to use this feature.

How can I uninstall the Comodo Certificate? There appears to be plenty of 'How to install certificates', but very little info on Uninstalling correctly.

2 Answers

The simplest way forward is to ascertain how you installed the certificate to begin with.
Did you follow a tutorial somewhere? Generally following it in reverse is a good start.

In the NginX site config, usually located in /etc/nginx/sites-enabled/<your site>, you generally will see a few lines with the ssl_ prefix, which are the key lines to remove when removing SSL, as well as changing the listening back to port 80.

Please note, however, that if you remove SSL from your local system, you will not have full SSL coverage between your server and CloudFlare, only between CloudFlare and the client visiting the site.

You would be better off, in this case, replacing the certificate with the CloudFlare issued 'Origin Certificate' to ensure full SSL coverage - you can see more about this feature here: https://blog.cloudflare.com/cloudflare-ca-encryption-origin/

@DenMurphy

Last I recall, ServerPilot proxies requests to Apache via NGINX, though I'm not 100% sure which of the web servers is actually setup for SSL, or if they both are. They don't publish that information, so you'd need to check the configuration or reach out to ServerPilot and see if they can provide the steps you need to take to remove it.

Generally speaking, you'd remove the SSL configuration from your server block or VirtualHost and change the listening port from 443 to 80, then restart the web servers for the changes to take.

If they use a standard setup, those files will be in:

/etc/apache2/sites-available

and

/etc/nginx/sites-available
Have another answer? Share your knowledge.