Certs deleted and limit


#1

I was making tests and didn’t know about the limits.
So I deleted the certs and it seems I can’t make more requests because of the quota.

Is there any way to be able to restore the certs I had or something? My web is already in production and now I have no certs for … 7 days???


#2

If you’ve also deleted the private keys: no luck. The certificates can be found in the list of all certificates issued by Let’s Encrypt, but your server can’t function without the corresponding private key.

You should have tested with the staging server by adding --test-cert to the command line options.


#3

I deleted /etc/letsencrypt … so. There is no way to recover from that?


#4

Unless you can recover that directory with some kind of data recovery software: no.


#5

OMG … I am going to have a hard job changing all again to non https.


#6

You don’t have a backup lying around somewhere?


#7

I already moved everything, but Firefox still goes to https.

Is there any way I can revoke all the certs so when I have waited the seven days I can ask for the certs again for the subdomains I really need? I think I also made a mistake with the list of subdomains when making tests.


#8

Without the privkey.pem of the certificate or your account keys, you can’t revoke the certificate.

As for the Firefox problem: did you or did you let Let’s Encrypt set an HSTS header?


#9

Sincerely … I don’t know


#10

Hi @voylinux, if you chose “Secure” when you installed the certificate, it would have added a redirect directive to your Apache configuration which sends a redirect header at the HTTP level to tell clients that the location of the page has moved to the HTTPS version. If you remove the redirect directive from your Apache configuration file and restart Apache, people should once again be able to go to the HTTP version of the site.

The /etc/letsencrypt directory does contain cryptographic keys which are needed to prove your identity to the Let’s Encrypt CA (and to people who visit your site). Without those cryptographic keys, you can’t easily revoke a certificate because there’s no way to distinguish you from anyone else who shows up asking for a certificate to be revoked! Also, revocation does not affect the rate limits so it wouldn’t allow you to get new certificates sooner.

If you registered an e-mail address when you originally ran the client, there may be a way to do e-mail-based recovery to set up an account key. I’m not sure what the state of the implementation of that functionality is on the client or server side at the moment; I think we may not have the tools finished. But I think in your situation revocation isn’t exactly what you need because it won’t help with the rate limit, and simply removing the redirect should allow you to let people visit your site again.
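
One way to check an Apache configuration for the two things discussed above (the redirect directive and an HSTS header), as an added example that is not part of any post in this thread. The config text is constructed, `example.com` is a placeholder, and the function name `find_https_forcing` is hypothetical.

```python
import re

# Constructed sample Apache config (not from the thread); example.com is a placeholder.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName example.com
    # Redirect permanent / https://example.com/
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
# Redirect, RedirectMatch, RedirectPermanent or RewriteRule whose target is an https:// URL
REDIRECT = re.compile(r"^(Redirect\w*|RewriteRule)\b.*\bhttps://", re.I)
HSTS = re.compile(r"^Header\b.*Strict-Transport-Security.*?max-age=(\d+)", re.I)


def find_https_forcing(conf_text):
    """Return one dict per active directive that pushes clients to HTTPS."""
    findings, vhost = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and commented-out directives
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            vhost = opened.group(1).strip()
        elif line.lower().startswith("</virtualhost"):
            vhost = None
        elif HSTS.match(line):
            max_age = int(HSTS.match(line).group(1))
            findings.append({"line": lineno, "vhost": vhost, "kind": "hsts", "max_age": max_age})
        elif REDIRECT.match(line):
            findings.append({"line": lineno, "vhost": vhost, "kind": "redirect", "max_age": None})
    return findings


if __name__ == "__main__":
    for f in find_https_forcing(SAMPLE_CONF):
        detail = f"browsers remember it for {f['max_age']} s" if f["kind"] == "hsts" else "remove to allow plain HTTP"
        print(f"line {f['line']} in <VirtualHost {f['vhost']}>: {f['kind']} ({detail})")
```

Removing an HSTS directive from the config does not clear it from browsers that already received it; they keep upgrading to HTTPS until `max-age` expires.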


#12

Hi @shoen, unfortunately I’m in the same situation. I deleted the certs after a hack I had on my server…
When will I be able to use the service again? I mean, apparently I could create a new cert but the https is not working.

I only have the “csr” and the “renewal” folders and the “options-ssl-apache.conf” file.

Thank you in advance.


#13

You should be OK to generate a new cert now.

With regards to the https not working, it depends why it’s currently not working. Is it just a configuration issue? Or something else?


#14

Thank you @serverco. I should generate a new cert now? Or do you mean that the one I generated yesterday is ok?

If it helps, I noticed that only the first installation created an Apache vhost, and asked me for the kind of installation, but not for the following installation.

Is there something I should check in my apache2 / wmin installation?

Thanks.


#15

@acaparrelli The cert you created yesterday should be fine

You don’t want to keep generating more, or you will hit the rate limits :wink:

Yes, there are various bits you need to modify in your apache to set up the SSL / https.

What is the operating system / setup you have? Apache (version?) and some sort of web management system (webmin? ispconfig? cpanel …?)?


#16

This is the setup:

Operating system Debian Linux 8
Apache version 2.4.10
Webmin version 1.770
Kernel and CPU Linux 2.6.32-042stab108.8 on x86_64
BIND version 9.9.5

Is this information enough?

Thanks.


#17

Yes, that’s enough background info - great, thanks.

For adding the cert via Webmin, see the Webmin SSL documentation. You can ignore the first bit (about generating the SSL cert) and then follow the next bit about setting up a site to use SSL.


#18

Grrreat! All is working now :wink: thank you again @serverco !


#19

A post was split to a new topic: Deleted /etc/letsencrypt