Certbot No Certs found

honey · November 20, 2020, 2:29pm

My domain is: farinmedia.ir

I ran this command: certbot certificates

It produced this output: No certs found .

My web server is (include version): apache Tomcat 9.0.39

The operating system my web server runs on is (include version): cetos 8

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site: no

The version of my client is: certbot 1.9.0

Hi. I've used --csr option to get a certificate because I wanted to use my own keys generated by keytool.
Now when using 'certbot certificates' my cert isn't listed in results. Thanks to this post '' I know the reason. But now I wanna know is there any way to add my cert to 'certbot certificates' manually ? this way I can renew and manage my certs.
Thanks for your help.

rg305 · November 20, 2020, 2:51pm

Is there any way you can get the same cert without using --csr ?
Using that option implies that the private key is NOT being handled by certbot.
It would be impossible to renew such a second hand request (without first involving the originating requester).

You should probably look for a more integrated client.
What is the system that needs the cert - that generated the csr?

honey · November 20, 2020, 3:40pm

according to our policy , I should use only keys generated by keytool. This is what we normaly do to get a cert from other CAs. Switching to LE, I didn't find other way to use my own keys except using --csr switch. If I'm right (?) certbot generate keys and sign them by itself . If there is another way to use our own keys , please guide me.

rg305 · November 20, 2020, 4:05pm

I think you might be able to "fool" certbot by having it issue a cert.
Then change the private key to your private key.
Then have it issue another (new) cert [but NOT update the private key].
You will have a new cert with the private key you provided.
From there you can continue renewing without updating the private key [until you decide it is time for a new one].

That, of course, is a hack/workaround (if it works).
[I will look for a more supported/documented way]

rg305 · November 20, 2020, 4:08pm

OK I think you can accomplish what you need by using both of these:
--key-path
--reuse-key

You get to define where the private key file is and also reuse it as many times as you like.

honey · November 20, 2020, 4:14pm

--reuse-key didn't work alone. but --key-path probably is fine. gonna try it. about your former post , it's clever! that's really improvising and Im going to try it. thank you for your nice and fast guidance

rg305 · November 20, 2020, 6:56pm

You would need to either:

use --key-path alone
or use --key-path with --reuse-key

But not --reuse-key alone.
certbot presently has no key to reuse.
[you used --csr]

Once certbot has a key, then you can use just --reuse-key (reuse existing key).

honey · November 22, 2020, 8:13am

hi. thanks for this! it worked !

system · December 22, 2020, 8:13am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.