Remove a specific SSL Certificate Ubuntu 24.04

Replaced my real domain name with 'domain'. I have nextcloud running on my server 192.168.1.2, when opening the website nc.domain.eu and check certificate : > Common Name (CN) nc.domain.eu Organization (O) Certificate> Organizational Unit (OU) So this works. But when i open adguard.domain.eu it shows : > Common Name (CN) collabora.domain.eu Organization (O) Certificate> Organizational Unit (OU) Collabora used to run on this machine but due to issues i removed it however the 'certificate' still remains. When running : > openssl s_client -showcerts -connect 192.168.1.2:443 --- Server certificate subject=CN = collabora.domain.eu issuer=C = US, O = Let's Encrypt, CN = E6 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 3314 bytes and written 373 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- How do i remove that certificate from Ubuntu? locate .pem | grep "\.pem$" | xargs -I{} openssl x509 -issuer -enddate -noout -in {} I used that to find 'collabora.domain.eu' and found 2 results : > could not read certificate from > /etc/letsencrypt/archive/collabora.domain.eu/privkey1.pem directory contains : > cert1.pem chain1.pem fullchain1.pem privkey1.pem > > Could not read certificate from > /etc/letsencrypt/live/collabora.domain.eu/privkey.pem directory contains : > cert.pem chain.pem fullchain.pem privkey.pem README Can i just remove those directories? and run : > update-ca-certificates And i want to add a www.domain.eu and *.domain.eu to this server. I already have the files created on Nginx Proxy Manager. Can i just copy those in? If yes where? I also tried : sudo certbot certificates sudo certbot delete selected '1' which was 'collabora.domain.eu' and ran update-ca-certificates but openssl s_client -showcerts -connect 192.168.1.2:443 still shows it. **#### EDIT ####** I just found that collabora.conf was still in sites-available and being loaded. Renamed/removed it and restarted Apache2. Now it gets even weirder. If i enter 'adguard.domain.eu:8883' in my browser it's good and uses *.domain.eu cert. If i click 'adguard.domain.eu' in NPM it uses 'nc.domain.eu'. NC.Domain.eu = nextcloud which is loaded through 'nextcloud-le-ssl.conf' which is correct. Nginx Proxy Manager is serving *.domain.eu and www.domain.eu. I couldn't get 'wildcard' to work on the server before. I wonder if i can just take the 'xxx.pem' files from NPM and replace the lines in 'nextcloud-se-ssl' and hope for the best? But i guess certbot could cause issues here.. and renewing will require for me to do it manually.