Error When Adding Subdomain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output: An error occurred revoking certificates with Let's Encrypt:

2023/01/06 00:13:56 Trying to revoke certificate for domain
2023/01/06 00:13:56 Error while revoking the certificate for domain
acme: error: 403 :: POST :: ::
urn:ietf:params:acme:error:unauthorized :: Certificate is expired

My web server is (include version): Apache

The operating system my web server runs on is (include version): Linux 4.19.0-23-cloud-amd64 x86_64

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA

I attempted to add a new subdomain, but received this error message stating the certificate for the primary domain is expired. However, I just renewed the certificate less than 60 days ago and the certificate appears to be valid.

Does anyone know how I can resolve this? Thank you!

1 Like

Hi @MichaelJ, and welcome to the LE community forum :slight_smile:

That tool seems to want to revoke an already expired certificate.
Which is NOT possible.
Maybe you could somehow delete the certificate that has expired before continuing.


Reading a bit on how that tool works, I think it doesn't cover all possible scenarios.
Like: when a cert has expired and you need to remove it.
The default action is for it to be revoked and then removed.
But revoking an expired cert is NOT a valid choice.
So, it can't be removed [via that tool - at this version - it needs to be made smarter].


This has come up before. I don't understand why bitnami seems to revoke certificates. Is there an anti-pattern at play here? That client has caused so many problems for LetsEncrypt in the past.