Deletion of certs

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cryptodan.net

I ran this command: not relavant to issue

It produced this output: not relevant to issue

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: my self

I can login to a root shell on my machine (yes or no, or I don't know): yes i have pure root uid 0

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest (new install from ubuntu 22.04 repos)

I need to delete / revoke my certificates so i can regenerate them for my mail and other servers to include the automatic renewal.

Unless you lost control of the corresponding secret key, there is no need to revoke a certificate.

"Latest" is a moving target and not a useful version descriptor. Real numbers are required to impart any relevant meaning. You should use the snap version on Ubuntu to ensure that you stay up to date. Packaged versions in distribution repositories tend to get stale rather quickly.

If you only need to add or change domains, you can so that eight from the command line.

https://eff-certbot.readthedocs.io/en/latest/using.html#changing-a-certificate-s-domains

5 Likes

Hey @cryptodanvr Welcome to the forum.
Unless you have some special reason to, there is really no need to revoke the certs. You can just let them expire gracefully.
Just get a new cert with the relevant domain/host names and you'll be good to go.

5 Likes

What makes you think that won't work? You got several certs with various name combinations yesterday. You can test the certbot renew with this

sudo certbot renew --dry-run

Depending on your method of installing Certbot you may already have a cronjob or systemd timer setup to run the certbot renew

See this section in the Certbot docs to check if that's setup. User Guide — Certbot 2.12.0.dev0 documentation

Your recent cert history

5 Likes

Good catch Mike! If OP missed any hosts for some reason, he could expand ONE of the certs for full coverage.

5 Likes

The reason I want to revoke to create again is to have all my mail certs for pop3 and imap under one cert for my Postfix/Dovecot instances and all my chat/collaboration certs under one separate cert.

Why can't you just make the certs that you want?

Revoking doesn't change what certs Let's Encrypt will issue

We can help you with the needed options for expanding, contracting, and deleting Certbot cert profiles. But, it would be helpful then to see the other answers to the form you chose not to answer.

5 Likes
3 Likes

Your levity exceeds your reputation.

2 Likes