Certificate revoke

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: coresolution.eu and any subdomains

I did request a certificate inside a container that has data inside a volume and had to delete everything, problem is that I was not exactly sure how does this works and thus I have lost all keys as they were in these volumes :frowning:

Is there any chance to revoke cert made for blog.coresolution.eu as and www.blog.coresolution.eu as well as for www.coresolution.eu - that was just for backup testing purposes - yeah it all didn’t went well…

All what I see through crt.sh could be taken down. As I would in the best case remove it and start from scratch and make a copy from inside of these important volumes where they keys are stored.

As it seems now, if I do recreate containers I can’t get to the website as it thinks that it is not secure… I think that it is because the containers did create a new certificates after re-creation where I did delete volumes before.

I can prove identity through email, or DNS record management for example.

Please just tell me that there is a way out of this, I will be smarter next time.

Many thanks,
Boris

Welcome to the community @coresolutiondoteu

If you just deleted your certs there is no reason to revoke them. You can see the good reasons for doing that at page below. If you need a new cert just get one. There are Rate Limits so best to use the Staging Environment until you get your system tested (both topics here)

4 Likes

I am sorry I am noob in here… so if I did understand well it all means that the webpage will become working at some point with what it was created? Even if now it says that it is not secure and I cant get in?

The last cert was created around 1 hour back, from the edit time.

I don't understand your comment but your blog.coresolution.eu domain is using a self-signed cert so will not be trusted by browsers. Your www subdomain also uses this self-signed cert. Use a site like this SSL Checker (link here) to see what cert your server is configured to use.

I don't see that you have an HTTP site working at all. You should focus on getting that to work first and then try adding a cert to enable HTTPS.

Specifically I see these problems. You have a lot of work to do :slight_smile:

  • Port 80 is blocked (possibly firewall/router) although port 443 is open to your public IP

  • There is no DNS A record for coresolution.eu but there is for the www and blog subdomains.

  • Trying https://www.coresolution.eu fails with HTTP error 503 (if you ignore the self-signed cert error)

  • Trying https://blog.coresolution.eu fails with HTTP error 500. (if you ignore the self-signed cert error)

3 Likes

A record cant be there as I dont have DNS provider that could do forward that into another DNS name, like for the rest (through CNAME).

Do I need port 80? Is it needed for the certificates requests or something like that?

www.coresolution.eu is down, but blog. and www.blog shall work… hups?

BTW really appreciate your help in here!

2 Likes

Oh, I see you are using a ddns service separate from your DNS provider. If your IP does not change often you could still use an A record for your IP and change it manually. Yes, apex domain's don't support CNAME

It is needed to use HTTP Challenge. How are you getting certs? It is also good practice to keep port 80 open see the related Let's Encrypt topic (here)

They could work but they are not as I described.

4 Likes

Yup so it will be because I did block port 80, I have a lot to read as always :melting_face: Thank you Mike :vulcan_salute:

4 Likes