Certificate Operations

This section describes certificate operations.

List Certificates

You can list all certificates managed by lego with:

lego certificates list

Output:

Found the following certificates:
_.example.com
├── Status: this certificate is expired.
├── Domains: *.example.com, example.com
├── Expiration Date: 2026-04-08 21:02:27 +0000 UTC
├── Issuer: CN=(STAGING) Puzzling Parsnip E7,O=(STAGING) Let's Encrypt,C=US
└── Certificate Path: /path/to/.lego/certificates/_.example.com.crt

...

Revoke Certificates

You can revoke existing certificates.

Execute the following command:

lego certificates revoke --cert-name 'example.com'

If you have the following .lego.yml configuration file:

certificates:
  foo:
    challenge: http-01
    domains:
      - example.com

And execute:

lego certificates revoke --cert-name foo

When using a configuration file, you can revoke all certificates at once:

lego certificates revoke