Error When Adding Subdomain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output: An error occurred revoking certificates with Let's Encrypt:

2023/01/06 00:13:56 Trying to revoke certificate for domain
2023/01/06 00:13:56 Error while revoking the certificate for domain
acme: error: 403 :: POST :: ::
urn:ietf:params:acme:error:unauthorized :: Certificate is expired

My web server is (include version): Apache

The operating system my web server runs on is (include version): Linux 4.19.0-23-cloud-amd64 x86_64

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA

I attempted to add a new subdomain, but received this error message stating the certificate for the primary domain is expired. However, I just renewed the certificate less than 60 days ago and the certificate appears to be valid.

Does anyone know how I can resolve this? Thank you!

1 Like

Hi @MichaelJ, and welcome to the LE community forum :slight_smile:

That tool seems to want to revoke an already expired certificate.
Which is NOT possible.
Maybe you could somehow delete the certificate that has expired before continuing.


Reading a bit on how that tool works, I think it doesn't cover all possible scenarios.
Like: when a cert has expired and you need to remove it.
The default action is for it to be revoked and then removed.
But revoking an expired cert is NOT a valid choice.
So, it can't be removed [via that tool - at this version - it needs to be made smarter].


This has come up before. I don't understand why bitnami seems to revoke certificates. Is there an anti-pattern at play here? That client has caused so many problems for LetsEncrypt in the past.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.