Certbot No Certs found

My domain is: farinmedia.ir

I ran this command: certbot certificates

It produced this output: No certs found .

My web server is (include version): apache Tomcat 9.0.39

The operating system my web server runs on is (include version): cetos 8

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site: no

The version of my client is: certbot 1.9.0

Hi. I've used --csr option to get a certificate because I wanted to use my own keys generated by keytool.
Now when using 'certbot certificates' my cert isn't listed in results. Thanks to this post '' I know the reason. But now I wanna know is there any way to add my cert to 'certbot certificates' manually ? this way I can renew and manage my certs.
Thanks for your help.

2 Likes

Is there any way you can get the same cert without using --csr ?
Using that option implies that the private key is NOT being handled by certbot.
It would be impossible to renew such a second hand request (without first involving the originating requester).

You should probably look for a more integrated client.
What is the system that needs the cert - that generated the csr?

2 Likes

according to our policy , I should use only keys generated by keytool. This is what we normaly do to get a cert from other CAs. Switching to LE, I didn't find other way to use my own keys except using --csr switch. If I'm right (?) certbot generate keys and sign them by itself . If there is another way to use our own keys , please guide me.

2 Likes

I think you might be able to "fool" certbot by having it issue a cert.
Then change the private key to your private key.
Then have it issue another (new) cert [but NOT update the private key].
You will have a new cert with the private key you provided.
From there you can continue renewing without updating the private key [until you decide it is time for a new one].

That, of course, is a hack/workaround (if it works).
[I will look for a more supported/documented way]

2 Likes

OK I think you can accomplish what you need by using both of these:
--key-path
--reuse-key

You get to define where the private key file is and also reuse it as many times as you like.

2 Likes

--reuse-key didn't work alone. but --key-path probably is fine. gonna try it. about your former post , it's clever! that's really improvising and Im going to try it. thank you for your nice and fast guidance

3 Likes

You would need to either:

  • use --key-path alone
  • or use --key-path with --reuse-key

But not --reuse-key alone.
certbot presently has no key to reuse.
[you used --csr]

Once certbot has a key, then you can use just --reuse-key (reuse existing key).

2 Likes

hi. thanks for this! it worked !

3 Likes