Domain expired, renew error, how revoke cert?

One of my domains expired and I removed it from my server, now when “/usr/bin/certbot renew”

Encountered vhost ambiguity when trying to find a vhost for mydomain.com but was unable to ask for user guidance in non-interactive mode. Certbot may need vhosts to be explicitly labelled with ServerName or ServerAlias directives.
Falling back to default vhost *:443...
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/mydomain.com.conf produced an unexpected error: Failed authorization procedure. mydomain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for mydomain.com. Skipping.

When try: certbot revoke --cert-path /etc/letsencrypt/archive/mydomain.com/cert1.pem

certbot: error: argument --cert-path: No such file or directory

I deleted the files in live, archive and renew dir.

What should I do to completely delete the expired domain certificate?

certbot delete --cert-name milfhardpics.com

certbot delete --cert-name mydomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name mydomain.com (expected /etc/letsencrypt/renewal/mydomain.com.conf).

It sounds like you already deleted it, then.

What’s the output of certbot --certificates?

certbot --certificates
usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: unrecognized arguments: --certificates

:worried::worried::worried:???

try certbot certificates, without the --

Show all certificates, but not mydomain (the expired one)

Then… it should be gone. Just deleting /etc/letsencrypt/renewal/mydomain.com.conf should have been enough to stop certbot from trying to renew it. Are you still getting that error?

Note that you don’t need to revoke it as it’s already expired.

Hmm, I just realized I may have misunderstood what you’re doing… are you trying to delete an expired certificate, or are you trying to revoke a valid certificate for an expired domain?

If the latter, you would normally revoke the certificate before deleting it. I think I remember reading that there’s a way to revoke a certificate with just the account key, but I can’t seem to find it…

I have let the domain expire, then I removed it from my server, now when start the automatic renewal via cronjob I get the error.

If I try revoke
certbot revoke --cert-path /etc/letsencrypt/archive/milfhardpics.com/cert1.pem
certbot: error: argument --cert-path: No such file or directory

Because I deleted the domain files from the folder /etc/letsencrypt

I don’t understand why he keeps wanting to renew this certificate…

Is there something like a refresh? That tells let’s encrypt to recheck what certificates exist?

It checks the files in /etc/letsencrypt/renewal to determine what to try to renew. So if you’ve deleted the file from there it shouldn’t try to renew it. You should only need to delete the renewal conf file mentioned in the error message ("Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/mydomain.com.conf produced an unexpected error…"

found what I was looking for earlier: if you do want to revoke the certificate, you can do so by downloading it from crt.sh and passing the downloaded file to the certbot revoke command; it doesn’t need the certificate’s private key as long as you run the command with the same account key as you used to issue it originally, which in most cases means “on the same server”. Revoking it won’t make any difference to certbot’s renewal logic though.

Solved…

I noticed a file with 0001 at the end, not the domain in question, but still odd.

I revoked the certificate, removed all the files and recreated the certificate for the domain with 0001, now the renewal works

I have no idea what or how it happened, but now it seems to work

Thanks for the help

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.