Problem being, pic.hijackedbrain.com is not a correct subdomain anymore. So I suppose it tried to renew the certificates multiple times before hitting the renew limit. And now I cannot renew certificates anymore…
So what now? What are the steps? Do I have to clear some hidden certbot request stack? How can I remove a subdomain, as every method I saw online involves asking for a new certificate? Is there nothing I can do?
This is temporary, you just need to wait 1 hour to try again.
You can revoke and remove the certificate first, then issue a new certificate with those subdomains you want.
(Since renew only allows you to add new subdomains, not remove existing domains)
Your last 25 non-expired certificates were issued without the offending domain pic.hijackedbrain.com; the last time you issued a certificate covering this domain was last year.
CRT ID     DOMAIN (CN)        VALID FROM             VALID TO               EXPIRES IN  SANs
141802079  hijackedbrain.com  2017-May-21 11:23 UTC  2017-Aug-19 11:23 UTC  -187 days   git.hijackedbrain.com
                                                                                        hijackedbrain.com
                                                                                        horde.hijackedbrain.com
                                                                                        pic.hijackedbrain.com
                                                                                        safe.hijackedbrain.com
                                                                                        wip.hijackedbrain.com
So I'm a bit confused since you are already issuing certificates covering the right domains without pic.hijackedbrain.com.
As you removed one domain, it seems you have two dirs: /etc/letsencrypt/live/hijackedbrain.com/ covering the old and expired cert, and /etc/letsencrypt/live/hijackedbrain.com-0001/ which seems to cover your new certificate. Is that possible?
If this is the case we will have a couple of options to fix it.
In this case, there is no need to revoke the cert ;).
That's quite probably the case. Upon trying to fix my certificates (mainly by trying to use previous ones that were not yet expired), I stumbled upon tons of folders, /etc/letsencrypt/live/hijackedbrain.com-0001/ up to -005 ... Same goes for archive/ (with multiple cert1.pem, cert2.pem, etc) and renewal/ ... I also deleted them because I thought they were too old to be relevant .....
That's pretty much what I thought at the exact moment I deleted them... I made some backup of the live folder but that's all ... (Most of ?) The rest is gone.
I remember certbot complaining about the files in /etc/letsencrypt/live/hijackedbrain.com/ not being symlinks, so I (stupidly) made some symlinks with some other certs just to see what would happen. The original /etc/letsencrypt/live/hijackedbrain.com/ files are stored at /etc/letsencrypt/live/BUGYBACKUP/ (output for that folder can also be found in the pastebin below)
That is good ;), you at least have the last certificate issued for your domains so we can work with that, in a few minutes I’ll provide a few commands to try to fix it.
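The layout these posts refer to, as an added example that is not part of the thread or of certbot itself: certbot keeps each lineage's files in live/<name>/ as symlinks into archive/<name>/, with a matching renewal/<name>.conf. This read-only check reports where that layout is broken; the function name and message wording are assumptions made for the example.

```python
import os
from pathlib import Path

# The four links certbot keeps in each live/<lineage>/ directory.
LINKS = ("cert.pem", "chain.pem", "fullchain.pem", "privkey.pem")


def audit_lineages(config_dir="/etc/letsencrypt"):
    """Return (lineage, problem) tuples; an empty list means the layout is consistent."""
    root = Path(config_dir)
    live, renewal = root / "live", root / "renewal"
    problems = []
    # live/ also holds a README file, so only directories count as lineages.
    lineages = sorted(p.name for p in live.iterdir() if p.is_dir()) if live.is_dir() else []
    for name in lineages:
        archive = (root / "archive" / name).resolve()
        if not (renewal / f"{name}.conf").is_file():
            problems.append((name, f"no renewal/{name}.conf"))
        for link in LINKS:
            path = live / name / link
            if not path.is_symlink():
                kind = "regular file" if path.exists() else "missing"
                problems.append((name, f"{link}: {kind}, expected symlink"))
                continue
            # Resolve the link target relative to the directory holding the link.
            target = (path.parent / os.readlink(path)).resolve()
            if not target.is_file():
                problems.append((name, f"{link}: dangling symlink"))
            elif target.parent != archive:
                problems.append((name, f"{link}: points outside archive/{name}/"))
    # Renewal configs left behind after their live/ directory was deleted.
    if renewal.is_dir():
        for conf in sorted(renewal.glob("*.conf")):
            if conf.stem not in lineages:
                problems.append((conf.stem, "renewal config without live/ directory"))
    return problems


if __name__ == "__main__":
    for lineage, problem in audit_lineages():
        print(f"{lineage}: {problem}")
```

It only reads the directory tree, so it can be run before and after any repair to compare results.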