docs/content/advanced/certificates.md
This section describes certificate operations.
<!--more-->You can list all certificates managed by lego with:
lego certificates list
Output:
Found the following certificates:
_.example.com
├── Status: this certificate is expired.
├── Domains: *.example.com, example.com
├── Expiration Date: 2026-04-08 21:02:27 +0000 UTC
├── Issuer: CN=(STAGING) Puzzling Parsnip E7,O=(STAGING) Let's Encrypt,C=US
└── Certificate Path: /path/to/.lego/certificates/_.example.com.crt
...
You can revoke existing certificates.
{{< tabs groupid="usage-examples" >}} {{% tab title="Classic Way" %}}
Execute the following command:
lego certificates revoke --cert-name 'example.com'
{{% /tab %}} {{% tab title="With a Configuration File" %}}
If you have the following .lego.yml configuration file:
certificates:
foo:
challenge: http-01
domains:
- example.com
And execute:
lego certificates revoke --cert-name foo
When using a configuration file, you can revoke all certificates at once:
lego certificates revoke
{{% /tab %}} {{< /tabs >}}