fix: clean up ACME certs when resources are deleted #212

New Issue

Closed

opened 2026-04-05 17:02:41 +02:00 by MrUnknownDE · 0 comments

MrUnknownDE commented 2026-04-05 17:02:41 +02:00

Owner

Copy Link

Originally created by @shreyaspapi on 2/23/2026

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

Fixes #2382

What's wrong

When you delete a resource, Traefik keeps its certificate in acme.json and keeps renewing it forever. The deleteResource handler only removes the DB row — it never touches the ACME storage.

What this does

• After deleting a resource, checks if any other resource still uses the same domain
• If not, removes that domain's certificate from acme.json so Traefik stops renewing it
• Adds a configurable acme_json_path option (defaults to /app/config/letsencrypt/acme.json)
• The cleanup is best-effort — if it fails for any reason, the delete still succeeds

How to test?

1. Create a resource with a custom domain that gets a Let's Encrypt cert
2. Delete that resource
3. Verify the domain's cert is removed from acme.json
4. Verify that domains shared by other resources are NOT removed

*Originally created by @shreyaspapi on 2/23/2026* ## Community Contribution License Agreement By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ## Description Fixes #2382 ## What's wrong When you delete a resource, Traefik keeps its certificate in `acme.json` and keeps renewing it forever. The `deleteResource` handler only removes the DB row — it never touches the ACME storage. ## What this does - After deleting a resource, checks if any other resource still uses the same domain - If not, removes that domain's certificate from `acme.json` so Traefik stops renewing it - Adds a configurable `acme_json_path` option (defaults to `/app/config/letsencrypt/acme.json`) - The cleanup is best-effort — if it fails for any reason, the delete still succeeds ## How to test? 1. Create a resource with a custom domain that gets a Let's Encrypt cert 2. Delete that resource 3. Verify the domain's cert is removed from `acme.json` 4. Verify that domains shared by other resources are NOT removed

MrUnknownDE closed this issue 2026-04-05 17:02:41 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

dependabot/npm_and_yarn/dev-minor-updates-b4e5d6b9c5

revert-2766-feature/systemd-install-instructions

dependabot/npm_and_yarn/prod-patch-updates-05702d39f2

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

alerting-rules

private-site-ha

dependabot/docker/docker/library/node-25-slim

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4

1.15.4-s.1

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.1-s.1

1.15.2

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

Improvement

Improvement

Improvement

Improvement

Look Into

Security

Security

api

api

authentication

authentication

authentication

authentication

authentication

authentication

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

config

config

config

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

docker

docker

docker

docker

docker

documentation

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

go

go

go

go

go

go

go

go

go

go

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

networking

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

question

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

ui

ui

ui

ui

ui

ui

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

MrUnknownDE

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/pangolin#212