Deletion of certs

cryptodanvr · June 10, 2024, 4:21pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cryptodan.net

I ran this command: not relavant to issue

It produced this output: not relevant to issue

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: my self

I can login to a root shell on my machine (yes or no, or I don't know): yes i have pure root uid 0

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest (new install from ubuntu 22.04 repos)

I need to delete / revoke my certificates so i can regenerate them for my mail and other servers to include the automatic renewal.

linkp · June 10, 2024, 4:32pm

Unless you lost control of the corresponding secret key, there is no need to revoke a certificate.

"Latest" is a moving target and not a useful version descriptor. Real numbers are required to impart any relevant meaning. You should use the snap version on Ubuntu to ensure that you stay up to date. Packaged versions in distribution repositories tend to get stale rather quickly.

If you only need to add or change domains, you can so that eight from the command line.

https://eff-certbot.readthedocs.io/en/latest/using.html#changing-a-certificate-s-domains

Rip · June 10, 2024, 4:34pm

Hey @cryptodanvr Welcome to the forum.
Unless you have some special reason to, there is really no need to revoke the certs. You can just let them expire gracefully.
Just get a new cert with the relevant domain/host names and you'll be good to go.

MikeMcQ · June 10, 2024, 5:16pm

What makes you think that won't work? You got several certs with various name combinations yesterday. You can test the certbot renew with this

sudo certbot renew --dry-run

Depending on your method of installing Certbot you may already have a cronjob or systemd timer setup to run the certbot renew

See this section in the Certbot docs to check if that's setup. User Guide — Certbot 2.12.0.dev0 documentation

Your recent cert history

Rip · June 10, 2024, 5:19pm

Good catch Mike! If OP missed any hosts for some reason, he could expand ONE of the certs for full coverage.

cryptodanvr · June 10, 2024, 5:45pm

The reason I want to revoke to create again is to have all my mail certs for pop3 and imap under one cert for my Postfix/Dovecot instances and all my chat/collaboration certs under one separate cert.

MikeMcQ · June 10, 2024, 5:48pm

Why can't you just make the certs that you want?

Revoking doesn't change what certs Let's Encrypt will issue

We can help you with the needed options for expanding, contracting, and deleting Certbot cert profiles. But, it would be helpful then to see the other answers to the form you chose not to answer.

griffin · June 10, 2024, 7:35pm

Rip · June 12, 2024, 1:53am

Your levity exceeds your reputation.

system · July 12, 2024, 1:53am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Revoking Domain Certificate of a dismantled unix server Help	5	420	November 4, 2020
Certificates revoke after deleting Help	4	1393	June 7, 2020
Deleting a certificate from domain on Ubuntu / Apache Help	10	5027	November 5, 2022
Certbot does not allow new certificates anymore, although I do not own any yet Help	3	556	February 17, 2021
Noob With No More Support From Developers and Need to Either Renew Cert or Get a New One Help	14	734	May 3, 2019

Deletion of certs

Related topics