It’s a somewhat advanced thing to experiment with, but it should be possible to get the private key out of the web server’s memory. Additionally, it is possible although unlikely that the web server keeps the private key file open, in which case the OS has not actually deleted it yet and a usable link to it can be found somewhere in
If you find the web server’s PID(s) with
ps, you can
/proc/<webserverpid> and then try
sudo ls -l fd which will show whether you have your privkey file still open; if you’re lucky you might possibly see something like
l-wx------ 1 you you 64 Jan 14 12:00 17 -> /etc/letsencrypt/archive/example.com/privkey2.pem (deleted)
which is good news because then that is your private key, which could then be copied out of
For the memory-searching example, you can use the
gdb attach method in
The private key should be somewhere in the resulting core file (maybe in PEM format, which is the comparatively easy case; maybe not, which is the comparatively trickier case).
I would not recommend using the
kill method because if it doesn’t work, you’ve lost your working web server!