How to stop renewing a letsencrypt/certbot certificate?

With certbot, you can simply use:

certbot delete --cert-name mywebsite.com

This removes the certificate and all relevant files from your letsencrypt config directory.


The OP wants to delete the certificate in addition to stopping renewal, and that was covered by the other answers. However if you want to keep the certificate but discontinue future renewals (for example if you have switched to a different server, but are waiting for all the DNS changes to propagate), you can go into /etc/letsencrypt/renewal and rename example.com.conf to example.com.conf.disabled (or any other non-.conf name, or even delete it altogether:

/etc/letsencrypt/renewal/example.com.conf.disabled

You can verify it was disabled by running the following command, as noted in the other answer.

sudo certbot renew --dry-run

Lastly some have suggested elsewhere that one can simple put autorenew = False at the top of the /etc/letsencrypt/renewal/example.com.conf file, but that doesn't seem to work. (I would have replied to that post to give my feedback, but their forum cuts off comments after 30 days.)

After review I realize that much of this information is included in the other answer, but I wanted to clarify the steps needed for the separate use case of disabling renewal without deleting or disabling the certificate itself.


It doesn't seem like there is a command to formally "cancel" renewals at this time. However, I found a suggestion from this thread that seems to work.

I tried running the following command,

sudo find /etc/letsencrypt/ -name '*outdated.example.com*'

and only found one file in each the live/, archive/ and renewal/ directory.

I also tried running,

sudo grep -r /etc/letsencrypt/ -e 'outdated.example.com'

and only found references to the outdated domain in one file in the renewal/ directory (which was renewal/outdated.example.com.conf).

I ran letsencrypt renew and it listed outdated.example.com in the output.

I then created a directory _renewal_disabled and moved renewal/outdated.example.com.conf to that directory.

I ran letsencrypt renew again, and it no longer listed outdated.example.com in the output.

From this I can assume that I've "disabled" renewal of the certificate.