Certs overwritten from restored backup after certs were renewed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: staging.com

I ran this command: renewed cert

It produced this output: renewed ok

My web server is (include version): Centos 7

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Centos 7

  1. Have a staging site on a VMware host, had taken a snapshot of the host for testing two weeks ago.
  2. Certs for the site were up for renewal last week, which we did successfully.
  3. We restored the snapshot backup from two weeks ago on Friday, this also restored the old certs.
  4. The Old certs are now expired. - on Friday.
  5. When we go to renew certs - again, it does not allow it as the process thinks the certs are current, which we had done in step 2 above.
  6. The old certs that were restored are now out of sync with what is on LE.

How can we renew the old expired certs?
Tried to “uninstall” LS using process, but not sure if this is the correct approach.
this At this point I would like to uninstall Let's Encrypt

Any assistance guidance will be appreciated.

Thanks

You don’t need to renew the old certs. You can download the current certificates by looking up your domain at one of the CT logs, for example https://crt.sh

Thanks for reply @ndilieto,
Have downloaded the CRT file as suggested which looks correct,

Question - which directory on server should the crt file be added to. Is it in the LE directory?

Ok, further to my own question I added the CRT file to the directory
/etc/letsencrypt/archive/domain.com

Which had certX.pem

Renamed the last one cert4.pem to something else and current cert to cert4.pem.

When testing with " certbot certificates" returns an error, which makes sense
there are three other files there ChainX, FullchainX and privkeyX

and these files I presume are all out of sync.

how do you re-insert the current Cert when the old certs are all expired?

not much luck here
tried this process

when executing this step....

You’d need to check if those files are corresponding to each other:

  • openssl rsa -noout -modulus -in 00xx_key-certbot.pem | openssl sha256
  • openssl x509 -noout -modulus -in downloaded_certificate_from_crt.sh.pem | openssl sha256

These two hashes should be the same.

the two files are different, so now not clear how to restore this?
Or how to "uninstall" LE
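
The check quoted above, written as an added example (not code from the thread or from certbot): it compares public-key fingerprints instead of RSA moduli, so it also covers ECDSA keys, and it scans every `privkey*.pem` in an archive directory for the key that belongs to a downloaded certificate. The function names and the file arguments are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: find the private key that belongs to a
# certificate by comparing SHA-256 fingerprints of their public keys.

# Print the SHA-256 fingerprint of a PEM public key read from stdin.
pubkey_fp() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# key_matches_cert KEY CERT
# Returns 0 if KEY belongs to CERT, 1 on mismatch, 2 if a file is unreadable.
key_matches_cert() {
    local key_pub cert_pub
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$(printf '%s\n' "$key_pub" | pubkey_fp)" = \
      "$(printf '%s\n' "$cert_pub" | pubkey_fp)" ]
}

# find_matching_key DIR CERT
# Prints the first privkey*.pem in DIR that belongs to CERT; returns 1 if none.
find_matching_key() {
    local key
    for key in "$1"/privkey*.pem; do
        [ -f "$key" ] || continue
        if key_matches_cert "$key" "$2"; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1
}

# Usage (paths are placeholders):
#   bash check.sh /etc/letsencrypt/archive/<name> downloaded_certificate.pem
if [ "$#" -eq 2 ]; then
    find_matching_key "$1" "$2" || echo "no private key in $1 matches $2" >&2
fi
```

If no key matches, the downloaded certificate cannot be served from this host, because the private key it was issued for is not on disk.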

Closing this request.

Ended up deleting the Let's Encrypt directory and creating new certs.

Worked for us in this instance
