Can't add subdomain to cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jocoemn.org

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output: Error while revoking the certificate for domain jocoeats.org
acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/revoke-cert :: urn:ietf:params:acme:error:alreadyRevoked :: unable to revoke :: no certificate with serial 03d7306f5f9d4ac38ae68436abdd9cdc44ae and status other than revoked

My web server is (include version): Apache/2.4.59 (Unix)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Debian GNU/Linux 12

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

When I first ran the command I mistyped a domain and therefore there was no DNS record. I then rolled back to an earlier version of my bitnami instance. Now I can't do anything.

I tried manually revoking it with the same results. https://docs.bitnami.com/aws/how-to/understand-bncert/#manually-revoking-an-existing-certificate. The site now has no ssl cert and I need to resolve this.
Thanks in advance for any help.

3 Likes

That certificate you requested is already revoked, so revoking it again will error out.

4 Likes

Hello @vpetrill, welcome to the Let's Encrypt community. :slightly_smiling_face:

Why revoke the certificate?

Here is a list of issued certificates crt.sh | jocoemn.org

3 Likes

The tool I am using, /opt/bitnami/bncert-tool, is supposed to replace it but can't. It gives the error message. Is this a bitnami issue? I am stuck with no documentation that helps.

1 Like

Also, using Let's Debug gives results of OK here: https://letsdebug.net/jocoemn.org/2236639

Edit

And these all show the presently being served certificate is fine:

4 Likes

Why are you using Let’s Encrypt to revoke a certificate issued by "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA" :question:
That would be certain to fail.

4 Likes

I'm guessing there's bitnami documentation somewhere on how to get a certificate. I don't think anyone here has any idea why it would be wanting to revoke a certificate if you haven't specifically asked it to; revoking is a rare thing only useful for when the private key is compromised or you no longer control the domain name.

4 Likes

Really? Looks like server: LiteSpeed to me.

```
$ curl -Ii http://jocoemn.org/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
date: Fri, 27 Sep 2024 01:39:09 GMT
server: LiteSpeed
location: https://jocoemn.org/.well-known/acme-challenge/sometestfile
x-turbo-charged-by: LiteSpeed
$ curl -k -Ii https://jocoemn.org/.well-known/acme-challenge/sometestfile
HTTP/2 404
date: Fri, 27 Sep 2024 01:39:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
```

4 Likes

Hi @vpetrill,

Those two do not match. What is the domain name with the issue?

Edit:

The domain name jocoeats.org has been issued Let’s Encrypt certificates, crt.sh | jocoeats.org and this certificate crt.sh | 14522798191 has been revoked.

And the site is serving that revoked certificate.

OK, the domain name jocoeats.org is using Apache.

```
$ curl -Ii http://jocoeats.org/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Date: Fri, 27 Sep 2024 02:21:37 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
$ curl -Ii http://jocoeats.org/
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 02:21:55 GMT
Server: Apache
X-Redirect-By: WordPress
Location: https://jocoeats.org/
Content-Type: text/html; charset=UTF-8
$ curl -k -Ii https://jocoeats.org/
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 02:22:08 GMT
Server: Apache
Link: <https://jocoeats.org/wp-json/>; rel="https://api.w.org/", <https://jocoeats.org/wp-json/wp/v2/pages/30>; rel="alternate"; title="JSON"; type="application/json", <https://jocoeats.org/>; rel=shortlink
Content-Type: text/html; charset=UTF-8
```

4 Likes

Thank you very much for your response and research and I can't apologize enough for mistyping the domain. :frowning: It should have been jocoeats.org. With the tool you referenced here I see it is revoked. crt.sh | 14522798191. Bitnami's bncert is a tool that is supposed to manage certificates for people like me who know they need them and that is about all they know about them. Guess I now need to learn more.
I needed to add an additional domain to my server's certificate. bncert won't request a certificate without first revoking the one it thinks is in place. It must have revoked the certificate the first time I ran the tool but the process failed later on. Now each time I run the tool it fails when it tries to revoke the certificate. It does sound like it's a bncert issue. I will go down that path but may come back here if I need more info. Thanks again.

4 Likes
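Added example, not part of the thread and not bncert's own code: a parser for the `acme: error:` line quoted in the first post that separates the `alreadyRevoked` case (the certificate is already in the revoked state, so there is nothing left to revoke) from other revocation failures. The function names and the classification policy are assumptions made for illustration; `SAMPLE` is the error text from the first post.

```python
import re
from dataclasses import dataclass
from typing import Optional

ACME_ERR_NS = "urn:ietf:params:acme:error:"  # error namespace from RFC 8555
MARKER = "acme: error:"

# Error text from the first post (a line break restored before "acme:").
SAMPLE = (
    "Error while revoking the certificate for domain jocoeats.org\n"
    "acme: error: 400 :: POST :: "
    "https://acme-v02.api.letsencrypt.org/acme/revoke-cert :: "
    "urn:ietf:params:acme:error:alreadyRevoked :: unable to revoke :: "
    "no certificate with serial 03d7306f5f9d4ac38ae68436abdd9cdc44ae "
    "and status other than revoked"
)

@dataclass
class AcmeError:
    status: int
    method: str
    url: str
    kind: str    # short type, e.g. "alreadyRevoked"
    detail: str

def parse_acme_error(text: str) -> Optional[AcmeError]:
    """Parse '<status> :: <method> :: <url> :: <type> :: <detail>' after the marker."""
    idx = text.find(MARKER)
    if idx < 0:
        return None
    # maxsplit=4 keeps any further '::' inside the detail field.
    f = [p.strip() for p in text[idx + len(MARKER):].split("::", 4)]
    if len(f) != 5 or not f[0].isdigit() or not f[3].startswith(ACME_ERR_NS):
        return None
    return AcmeError(int(f[0]), f[1], f[2], f[3][len(ACME_ERR_NS):], f[4])

def revoked_serial(err: AcmeError) -> Optional[str]:
    """Pull the hex serial out of the detail so it can be looked up on crt.sh."""
    m = re.search(r"\bserial ([0-9a-fA-F]+)\b", err.detail)
    return m.group(1).lower() if m else None

def revoke_outcome(text: str) -> str:
    """Classify a failed revoke step: 'already-revoked', 'fatal' or 'unknown'."""
    err = parse_acme_error(text)
    if err is None:
        return "unknown"
    if err.kind == "alreadyRevoked" and err.url.endswith("/revoke-cert"):
        return "already-revoked"  # end state reached; nothing left to revoke
    return "fatal"
```
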

In case you don't know yet, here is the bncert troubleshooting guide: Learn about the Bitnami HTTPS Configuration Tool

And, this problem seems vaguely familiar. If all else fails you might try what this person did

5 Likes
