Delete Certificate

joepok · December 3, 2022, 1:34am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nextcloud.joepok.net

I ran this command: certbot certificates

It produced this output: No certificates found.

My web server is (include version): nextcloud apache

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.32.0

I'm using the latest version of NextCloud 24.0.7.1 and installed certificates for both joepok.net and nextcloud.joepok.net

I've re-installed the server a few times since I am still learning the system. When I try to access the website https://nextcloud.joepok.net via Chrome and Edge, I receive: NET::ERR_CERT_COMMON_NAME_INVALID

This server could not prove that it is nextcloud.joepok.net ; its security certificate is from joepok.net . This may be caused by a misconfiguration or an attacker intercepting your connection.

When using Firefox I receive: SSL_ERROR_BAD_CERT_DOMAIN

Can I just start over? I'm still figuring out how certificates work. When I use Lets Encrypt, are the certificates stored both on my local server and letsencrypt? If so, how can I just delete the whole thing and start over again? I may need to reinstall my server more than once and need to figure out the process. certbot certificates yeilds: No certificates found...

Thanks

Joe

schoen · December 3, 2022, 6:02am

Hi @joepok,

The certificate is just a file which contains a digital signature, confirming that the certificate authority (in this case Let's Encrypt) has confirmed that it's appropriate and expected for your site to use a certain encryption key when communicating with the public.

If you delete your private key, nobody can regenerate it or recover it for you, and the certificate authority never possesses your private key. That means that your certificate will become permanently unusable if you delete all of your copies of your corresponding private key.

From Let's Encrypt's perspective, it's wasteful to issue duplicative certificates over and over again because each certificate issuance commits a tiny portion of Let's Encrypt's hardware capacity. Because of this, there are rate limits

that apply to issuance of duplicative certificates. It looks like you're extremely close to reaching one of those limits, in which case you wouldn't be able to issue such a certificate again for one week.

If you're testing and not setting up a public production server, you're encouraged to use the staging environment

(With Certbot, you can get this by adding the --staging option.)

The certificates you get this way won't be publicly trusted but the issuance process is otherwise just the same, so you can work out any problems in your configuration and issuance process this way.

Edit: Also, if you still have a certificate configured that you didn't expect to, you can look at your Apache configuration (usually in /etc/apache2).

system · January 2, 2023, 6:03am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.