Cert conflict: remove domains from multiple domain cert


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: artprocess.net

I ran this command: sudo certbot certificates

It produced this output:
Found the following certs:
Certificate Name: www.artprocess.net-0001
Domains: www.artprocess.net alternativeart.org artprocess.com artprocess.ie artprocess.info artprocess.net artprocess.org justatest.com ladysisland.ie www.alternativeart.org www.artprocess.com www.artprocess.ie www.artprocess.info www.artprocess.org www.justatest.com www.ladysisland.ie
Expiry Date: 2018-06-13 11:51:17+00:00 (VALID: 46 days)
Certificate Path: /etc/letsencrypt/live/www.artprocess.net-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.artprocess.net-0001/privkey.pem
Certificate Name: www.artprocess.net
Domains: www.artprocess.net alternativeart.org artprocess.com artprocess.ie artprocess.info artprocess.net artprocess.org burrow.ie justatest.com ladysisland.ie rosslarelifeboatmemorial.com www.alternativeart.org www.artprocess.com www.artprocess.ie www.artprocess.info www.artprocess.org www.burrow.ie www.justatest.com www.ladysisland.ie www.rosslarelifeboatmemorial.com
Expiry Date: 2018-05-10 11:18:16+00:00 (VALID: 12 days)
Certificate Path: /etc/letsencrypt/live/www.artprocess.net/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.artprocess.net/privkey.pem

My web server is (include version): tomcat 8.5.14

The operating system my web server runs on is (include version): ubuntu 14.04

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

My Question (thanks for any help):
I was using a cert having multiple domains and renewing without issue.
I then had to add 2 extra domains.
I now have to remove the same 2 domains - so I created a new cert.

certbot renew fails on the cert “www.artprocess.net” as the 2 domains are now invalid, and the cert will expire in 12 days. This cert appears to be the one in use by the remaining valid domains.

How do I remove the cert “www.artprocess.net” and make the cert “www.artprocess.net-0001” the sole valid cert for my domains? Many thanks!


#2

Apologies for time wasting - it looks like it was a simple fix:

  1. changed certificate file directory to point to www.artprocess.net-0001 in Tomcat’s server.xml
  2. removed www.artprocess.net folder from letsencrypt/live
  3. removed www.artprocess.net file from letsencrypt/renewal

#3

Yeah, that’s about it.

There's also a www.artprocess.net folder in letsencrypt/archive.

There’s also a “certbot delete --cert-name www.artprocess.net” command to delete all 3 of those things, but I’m not 100% sure the version of Certbot you’re using supports it.


#4

Many thanks mnordhoff:
I restored the www.artprocess.net folder and file I deleted from backup, and following your advice ran

certbot delete --cert-name www.artprocess.net

with the following log result:

2018-04-28 07:28:28,634:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-04-28 07:28:28,635:DEBUG:certbot.storage:Removed /etc/letsencrypt/renewal/www.artprocess.net.conf
2018-04-28 07:28:28,635:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/www.artprocess.net/cert.pem
2018-04-28 07:28:28,636:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/www.artprocess.net/privkey.pem
2018-04-28 07:28:28,636:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/www.artprocess.net/chain.pem
2018-04-28 07:28:28,636:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/www.artprocess.net/fullchain.pem
2018-04-28 07:28:28,637:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/www.artprocess.net/README
2018-04-28 07:28:28,637:DEBUG:certbot.storage:Removed /etc/letsencrypt/live/www.artprocess.net
2018-04-28 07:28:28,760:DEBUG:certbot.storage:Removed /etc/letsencrypt/archive/www.artprocess.net

Finally, running certbot renew:

Processing /etc/letsencrypt/renewal/www.artprocess.net-0001.conf

Cert not yet due for renewal

Many thanks again for your help, and to Letsencrypt for the great work they do.
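
The clean-up in this thread, with two checks worth running before `certbot delete`, as an added example that is not part of the original posts: it lists which domains lose coverage when the old lineage is removed and counts server config lines that still point at it. The helper function names, the temporary file names and the server.xml fragment are assumptions constructed for illustration; the domain lists are the ones shown in post #1.

```shell
#!/bin/sh
# Added example (not from the thread): checks to run before deleting a lineage.

# Domains of one lineage from saved `certbot certificates` output, sorted.
# $1 = certificate name (exact match), $2 = file holding the saved output
cert_domains() {
    awk -v name="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3; next }
        $1 == "Domains:" && current == name { for (i = 2; i <= NF; i++) print $i }
    ' "$2" | LC_ALL=C sort -u
}

# Domains covered by lineage $1 but not by lineage $2 ($3 = saved output).
dropped_domains() {
    old_list=$(mktemp); new_list=$(mktemp)
    cert_domains "$1" "$3" > "$old_list"
    cert_domains "$2" "$3" > "$new_list"
    LC_ALL=C comm -23 "$old_list" "$new_list"
    rm -f "$old_list" "$new_list"
}

# Number of lines in config $2 that still point at live/$1/. The trailing
# slash keeps "www.artprocess.net" from matching "www.artprocess.net-0001".
config_references() {
    grep -cF "/live/$1/" "$2" || true
}

# Write sample inputs into directory $1: the two lineages as listed in the
# thread, plus a constructed server.xml fragment (assumed layout).
write_sample() {
    cat > "$1/certs.txt" <<'EOF'
Certificate Name: www.artprocess.net-0001
Domains: www.artprocess.net alternativeart.org artprocess.com artprocess.ie artprocess.info artprocess.net artprocess.org justatest.com ladysisland.ie www.alternativeart.org www.artprocess.com www.artprocess.ie www.artprocess.info www.artprocess.org www.justatest.com www.ladysisland.ie
Certificate Name: www.artprocess.net
Domains: www.artprocess.net alternativeart.org artprocess.com artprocess.ie artprocess.info artprocess.net artprocess.org burrow.ie justatest.com ladysisland.ie rosslarelifeboatmemorial.com www.alternativeart.org www.artprocess.com www.artprocess.ie www.artprocess.info www.artprocess.org www.burrow.ie www.justatest.com www.ladysisland.ie www.rosslarelifeboatmemorial.com
EOF
    cat > "$1/server.xml" <<'EOF'
<Certificate certificateFile="/etc/letsencrypt/live/www.artprocess.net-0001/fullchain.pem"
             certificateKeyFile="/etc/letsencrypt/live/www.artprocess.net-0001/privkey.pem"/>
EOF
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
echo "Domains that lose coverage when www.artprocess.net is deleted:"
dropped_domains www.artprocess.net www.artprocess.net-0001 "$sample_dir/certs.txt"
echo "server.xml lines still using the old lineage: $(config_references www.artprocess.net "$sample_dir/server.xml")"
rm -rf "$sample_dir"
```

On a real host, save the output of `sudo certbot certificates` to a file and pass that file and the actual server.xml path to the functions; deleting is safe once the dropped list holds only domains that are meant to go and the reference count is 0.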

