Accidentally removed my key, and reached the rate limits


#1

Hi all,

I encountered a problem: I tried to write an auto-renew script and test it, but forgot to add the `--test-cert` flag, and have now reached the rate limits. But I accidentally removed my keys; what should I do? Could I get the lost keys back? And if not, how long should I wait before I can regenerate the keys? 7 days or 60 days?

Thank you.


#2

Let’s Encrypt doesn’t have copies of the private keys so getting those back depends on if you have signed copies of them on your end.
You’ll probably have to run the client again after the ratelimit lowers.


#3

It would be interesting, @jsha, whether there is a “recovery process” which allows getting new keys for the same account, e.g. over the email address and/or a certificate made on that account.


#4

You can run the ./letsencrypt-auto -d (domain) again and it will ask to reinstall your dependencies.


#5

I’m afraid you’ll have to wait 7 days from the first certificate you issued.

@my1: An interesting idea! But it sounds like the private keys for the issued certificates are probably gone, which can’t be fixed by any recovery process, since Let’s Encrypt is never in possession of those keys.


#6

Well, but when being able to regain access to the account ID that was used, you might be able to revoke the certs or whatever.

That LE doesn’t have the keys is obvious. I have no idea what to call it in English, but I have a finished apprenticeship as a “Fachinformatiker” (at least that’s what we call it in Germany here).

Regaining your account doesn’t give you the keys back, but the PKI data associated with it, which may be even more important, depending on the situation.

Imagine this: an internal person with ill thoughts takes away the cert key, removes the private keys from the original server, and now he has the private keys to a valid cert he shouldn’t have very soon. Problem: the company cannot revoke the certs because there is no way to get the account back via email or whatever, and that hurts.

Sounds far-fetched, but mis-issuances also happen with big CAs, which also shouldn’t occur.