Expired Certificate cannot be deleted?
I had certificates expiring because I accidentally misconfigured Caddy. I had unexpired certificates that Caddy was not using. I properly configured Caddy to NOT get certificates, turned off the service, manually deleted the certs out of the Caddy store, restarted Caddy, and Caddy imported the correct/valid certs from my local store. I don't know if this will again be an issue if those certs expire or why if Caddy is not configured to get it's own certificates it does not default to just using the certs in the local store.
Checking my certificates I found I have an expired R12 (ACME Client) certificate for a DDNS service that I cannot delete (it has been replaced). When I try, I get the message:
Item in use by
general - {OPNsense.postfix.general}
The actual certificate is not on the system anywhere. Both certs have the same certificate and private key info. The expired cert is using CN=R12 while the new cert shows CN=YR1. Only the new cert is shown in my Services: ACME Client: Certificates while both are shown in but it is in my System: Trust: Certificates. I have a feeling the delete fails because it can't find what it supposed to delete.
The only entry I can find is that corresponds to the expired cert is in my /conf/config.xml file where all my certs are in the order displayed. in the trust listing. To clean this up do I just need to download my config file, edit out the bad cert, and re-upload it?
Related question is that under System: Trust: Authorities I show R10, R11, and R12 (ACME Client) from Let's Encrypt all with 0 usage. Can I simply delete these older unused trust authorities once I clean up my zombie cert issued under R12?