Deleted my CSR file

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: del

It produced this output:bye bye

My web server is (include version):apache 2.4

The operating system my web server runs on is (include version):centos 7

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Centos CWP 9.8.809

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I was doing some house cleaning and accidentally deleted my csr file. Now new certs are throwing an error with mismatched common names. Whats the best easiest way to fix this?

Most reason cert was created a few minutes ago.

Hi @pixelpadre,

Your CSR isn’t necessary for the validity of a certificate at all. Also, most of our recommended ways of obtaining Let’s Encrypt certificates don’t save the CSR at all!

How are you obtaining and installing your certificates?

centos cwp. Nice control panel. You might be familiar with it. I am transitioning from one server to another. So maybe thats the reason I am getting some mismatch common names.

Yes, maybe your DNS records are still pointing at the old server (or are pointing at the new server before it’s obtained a certificate)?

It wont let me get a premature cert unless dns points to the server. but that does leave open the propagation issue. I just added a new cert and its got A rating. But one or two still give me common name mismatch. I will wait a day or two.

Hi @pixelpadre

you don't include the www-version. Your dns-entries have www-entries ( ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout A yes 1 0
AAAA yes A yes 1 0
AAAA yes

your certificate not
expires in 90 days - 1 entry

so your www version isn't secure.

Domainname Http-Status redirect Sec. G 200 0.287 H 403 0.290 M
Forbidden 200 1.557 I 200 1.370 N
Certificate error: RemoteCertificateNameMismatch

There are users who add www never, other add www to every domain.

So if you have two dns entries, you should have one certificate with both domain names.

And your chain is wrong - duplicated certificates:

Chain - duplicate certificates	
	3	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US

Looks like you use cert.pem and fullchain.pem.

Looks like I had a custom server configuration for the one bad acting domain. I had it set up for apache-phpfpm. I did not properly setup the server correctly. After I deleted the custom configuration I got a good certificate. Sorry about the distraction.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.