Delete Certificate

pabeu · March 18, 2019, 5:18pm

Hello,
I used [https://shredzone.org/maven/acme4j/index.html] for implement LE to my spring app.
When i revoke a certificate , i cannot get an other again.

Somebody have a good practice to delete or revoke a certificate and create an other one ?

Best regards

JuergenAuer · March 18, 2019, 5:21pm

Hi @pabeu

why do you revoke a certificate?

That's only required if your private key is stolen.

Letsencrypt certificates are only 90 days valid. So it's enough to wait, then the certificate is invalid.

pabeu · March 18, 2019, 5:24pm

Hi @JuergenAuer,
I need to delete it in order to have an other.

I don’t want to wait until it expires

JuergenAuer · March 18, 2019, 5:29pm

You don't need to delete a certificate.

Simply create a new, replace it. And ignore the previous certificate.

I delete my old certificates after their expiration date.

pabeu · March 18, 2019, 5:31pm

Thank @JuergenAuer,

I can do it with my java client https://shredzone.org/maven/acme4j/index.html
When i want to renew , ACME can’t finalize the challenge because it already do it with the domain name.

mnordhoff · March 18, 2019, 5:34pm

Can you show the exact error message from the client, and logs showing what happened to get there?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

pabeu · March 19, 2019, 9:31am

Hello,
I use java API https://shredzone.org/maven/acme4j/index.html to create a certificate for my domain.
This API alow me as to revoke a certificate with a specific method.
I don’t use command to generate.

cpu · March 19, 2019, 1:02pm

Hi @pabeau,

Like @mnordhoff asked (thanks!) can you please share the exact error you’re getting from Let’s Encrypt when you try to order another certificate after revoking one?

Could you also share the Java code you wrote using ACME4J?

There’s no reason that revoking a certificate would affect your ability to issue more. I think you probably have a bug or a misunderstanding in your Java code but the only way we’ll be able to know for sure is if you share the error message and your code.

Thanks!

pabeu · March 19, 2019, 2:54pm

Hello everybody,

This is my code on github [https://github.com/yakketyyak/spring-base/blob/master/src/main/java/ci/patrickbeugre/spring/base/business/AcmeBusiness.java].
The main method is generateCert.
In fact i use Redis to store the challenge token and content and expose an API in GET.
This API allow ACME SERVER to get the token content to finalize process.
The error is on line 78.
BR

system · May 7, 2019, 3:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.