diff --git a/certbot-apache/certbot_apache/_internal/apache_util.py b/certbot-apache/certbot_apache/_internal/apache_util.py
index 666f6a84b..fde812478 100644
--- a/certbot-apache/certbot_apache/_internal/apache_util.py
+++ b/certbot-apache/certbot_apache/_internal/apache_util.py
@@ -9,6 +9,8 @@ import struct
 import subprocess
 import time
+
+from cryptography.hazmat.primitives import hashes # type: ignore
 import pkg_resources
 from certbot import crypto_util
@@ -17,6 +19,7 @@ from certbot import util
 from certbot.compat import os
+
 logger = logging.getLogger(__name__)
@@ -58,7 +61,7 @@ def certid_sha1(cert_path):
 :rtype: `str`
 """
- return crypto_util.cert_sha1_fingerprint(cert_path)
+ return cert_sha1_fingerprint(cert_path)
 def safe_copy(source, target):
@@ -338,6 +341,7 @@ def _get_runtime_cfg(command):
 return stdout
+
 def find_ssl_apache_conf(prefix):
 """
 Find a TLS Apache config file in the dedicated storage.
@@ -348,3 +352,16 @@ def find_ssl_apache_conf(prefix):
 return pkg_resources.resource_filename( "certbot_apache", os.path.join("_internal", "tls_configs", "{0}-options-ssl-apache.conf".format(prefix)))
+
+
+def cert_sha1_fingerprint(cert_path):
+ """Read a certificate by its file path and return its SHA-1 fingerprint.
+
+ :param str cert_path: File path to the x509 certificate file
+
+ :returns: SHA-1 fingerprint of the certificate
+ :rtype: bytes
+ """
+
+ cert = crypto_util.load_cert(cert_path)
+ return cert.fingerprint(hashes.SHA1())
diff --git a/certbot-apache/tests/ocsp_prefetch_test.py b/certbot-apache/tests/ocsp_prefetch_test.py
index df9cc877e..6a61435b8 100644
--- a/certbot-apache/tests/ocsp_prefetch_test.py
+++ b/certbot-apache/tests/ocsp_prefetch_test.py
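Review bot: In the `@@ -58,7 +61,7 @@` hunk of `apache_util.py`, the `:rtype:` line kept as context for `certid_sha1` still says `str`, while the helper it now returns from, `cert_sha1_fingerprint`, documents `:rtype: bytes` in the last hunk of the same file. On Python 3 those are different types, so the docstring line should read `:rtype: bytes`. If callers do expect text, the value would need hex-encoding instead, but no caller is visible in this diff. The start of `certid_sha1` lies outside the hunk.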
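Review bot: The docstring of the new `cert_sha1_fingerprint` in the `@@ -348,3 +352,16 @@` hunk of `apache_util.py` does not say what the SHA-1 digest may be relied on for. SHA-1 is no longer collision-resistant, so the value is fine as a lookup key for a certificate the caller already trusts, but not as proof that two certificates are identical. Judging by the name `certid_sha1` that is the intended use, although the callers are not visible here. I would add a docstring sentence such as `The digest is an identifier only; do not use it for trust or integrity decisions.` Because this commit also drops the helper from the public `certbot.crypto_util` module, a changelog entry for external importers seems warranted if it ever shipped in a release.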
@@ -118,7 +118,7 @@ class OCSPPrefetchTest(util.ApacheTest):
 ver_path = "certbot_apache._internal.configurator.ApacheConfigurator.get_version"
 res_path = "certbot_apache._internal.prefetch_ocsp.OCSPPrefetchMixin.restart"
- cry_path = "certbot.crypto_util.cert_sha1_fingerprint"
+ cry_path = "certbot_apache._internal.apache_util.cert_sha1_fingerprint"
 with mock.patch(ver_path) as mock_ver:
 mock_ver.return_value = (2, 4, 10)
@@ -485,6 +485,20 @@ class OCSPPrefetchTest(util.ApacheTest):
 self.assertTrue(mock_rest.called)
+class CertFingerprintTest(unittest.TestCase):
+ """Tests for certbot_apache._internal.apache_util.cert_sha1_fingerprint"""
+
+ def test_cert_sha1_fingerprint(self):
+ import certbot.tests.util as test_util
+ from certbot_apache._internal.apache_util import cert_sha1_fingerprint
+
+ cert_path = test_util.vector_path('cert_512.pem')
+ self.assertEqual(
+ cert_sha1_fingerprint(cert_path),
+ b'\t\xf8\xce\x01E\r(\x84g\xc32j\xc0E~5\x199\xc7.'
+ )
+
+
 def _read_dbm(filename):
 """Helper method for reading the dbm using context manager.
diff --git a/certbot/certbot/crypto_util.py b/certbot/certbot/crypto_util.py
index 14d608dfc..c3c477e29 100644
--- a/certbot/certbot/crypto_util.py
+++ b/certbot/certbot/crypto_util.py
@@ -13,7 +13,6 @@ import re
 from cryptography import x509 # type: ignore
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes # type: ignore
 from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
 from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey
 from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
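Review bot: `CertFingerprintTest` in the `@@ -485,6 +485,20 @@` hunk of `ocsp_prefetch_test.py` subclasses `unittest.TestCase`, but no hunk in that file adds `import unittest`. The file's import block is outside the diff, so please confirm the name is already in scope there. The test also pins only the success case for `cert_512.pem`. A second case that passes a path which is not a PEM certificate would document what `cert_sha1_fingerprint` raises, which its callers presumably need to handle.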
@@ -237,19 +236,6 @@ def load_cert(cert_path):
 return x509.load_pem_x509_certificate(cert_pem, default_backend())
-def cert_sha1_fingerprint(cert_path):
- """Read a certificate by its file path and return its SHA-1 fingerprint.
-
- :param str cert_path: File path to the x509 certificate file
-
- :returns: SHA-1 fingerprint of the certificate
- :rtype: bytes
- """
-
- cert = load_cert(cert_path)
- return cert.fingerprint(hashes.SHA1())
-
-
 def verify_renewable_cert_sig(renewable_cert):
 """Verifies the signature of a RenewableCert object.
diff --git a/certbot/tests/crypto_util_test.py b/certbot/tests/crypto_util_test.py
index b62147b2a..714809277 100644
--- a/certbot/tests/crypto_util_test.py
+++ b/certbot/tests/crypto_util_test.py
@@ -410,16 +410,5 @@ class CertAndChainFromFullchainTest(unittest.TestCase):
 self.assertRaises(errors.Error, cert_and_chain_from_fullchain, cert_pem)
-class CertFingerprintTest(unittest.TestCase):
- """Tests for certbot.crypto_util.cert_sha1_fingerprint"""
-
- def test_cert_sha1_fingerprint(self):
- from certbot.crypto_util import cert_sha1_fingerprint
- self.assertEqual(
- cert_sha1_fingerprint(CERT_PATH),
- b'\t\xf8\xce\x01E\r(\x84g\xc32j\xc0E~5\x199\xc7.'
- )
-
-
 if __name__ == '__main__':
 unittest.main() # pragma: no cover