Error When Adding Subdomain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: michaeljonesdevelopment.com

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output: An error occurred revoking certificates with Let's Encrypt:

2023/01/06 00:13:56 Trying to revoke certificate for domain
michaeljonesdevelopment.com
2023/01/06 00:13:56 Error while revoking the certificate for domain
michaeljonesdevelopment.com
acme: error: 403 :: POST ::
https://acme-v02.api.letsencrypt.org/acme/revoke-cert ::
urn:ietf:params:acme:error:unauthorized :: Certificate is expired

My web server is (include version): Apache

The operating system my web server runs on is (include version): Linux 4.19.0-23-cloud-amd64 x86_64

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA

I attempted to add a new subdomain, but received this error message stating the certificate for the primary domain is expired. However, I just renewed the certificate less than 60 days ago and the certificate appears to be valid.

Does anyone know how I can resolve this? Thank you!

1 Like

Hi @MichaelJ, and welcome to the LE community forum :)

That tool seems to want to revoke an already expired certificate.
Which is NOT possible.
Maybe you could somehow delete the certificate that has expired before continuing.

6 Likes

Reading a bit on how that tool works, I think it doesn't cover all possible scenarios.
Like: when a cert has expired and you need to remove it.
The default action is for it to be revoked and then removed.
But revoking an expired cert is NOT a valid choice.
So, it can't be removed [via that tool - at this version - it needs to be made smarter].

7 Likes
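The check the replies above say the tool lacks, as an added example (not code from this thread or from the Bitnami tool): skip revocation once a certificate has expired, and treat only this exact CA refusal as harmless. The function names and the `not_after` dates are hypothetical; the sample output is the text from the first post.

```python
import re
from datetime import datetime, timezone

# Output copied from the first post, line wrapping preserved.
SAMPLE_OUTPUT = """\
2023/01/06 00:13:56 Error while revoking the certificate for domain
michaeljonesdevelopment.com
acme: error: 403 :: POST ::
https://acme-v02.api.letsencrypt.org/acme/revoke-cert ::
urn:ietf:params:acme:error:unauthorized :: Certificate is expired
"""

ACME_ERROR = re.compile(
    r"acme: error: (?P<status>\d{3}) :: (?P<method>[A-Z]+) :: (?P<url>\S+) :: "
    r"(?P<type>urn:ietf:params:acme:error:\w+) :: (?P<detail>.+)"
)


def parse_acme_error(output):
    """Return the fields of the first ACME error in `output`, or None."""
    # The output is wrapped across lines, so collapse whitespace first.
    # `detail` then runs to the end of the text that was passed in.
    match = ACME_ERROR.search(" ".join(output.split()))
    return match.groupdict() if match else None


def cleanup_steps(not_after, now):
    """Steps for retiring a certificate: revoke only while it is unexpired."""
    if now >= not_after:
        return ["delete"]  # expired: the CA refuses revocation, just remove it
    return ["revoke", "delete"]


def revocation_failure_is_benign(err):
    """True only when the CA refused because the certificate had expired."""
    # Any other 'unauthorized' refusal (for example a wrong account key)
    # must still be surfaced to the operator, so match narrowly.
    return (
        err is not None
        and err["status"] == "403"
        and err["url"].endswith("/acme/revoke-cert")
        and err["type"].endswith(":unauthorized")
        and "expired" in err["detail"].lower()
    )
```
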

This has come up before. I don't understand why Bitnami seems to revoke certificates. Is there an anti-pattern at play here? That client has caused so many problems for Let's Encrypt in the past.

6 Likes