Good morning lets encrypt community,
I’m running a WordPress site on a Bitnami Stack through GCP on Apache, Debian OS.
I had initially setup My let’s encrypt certificate on another server apart from the one that the site currently operates on, but I just kept the original certificate and key and moved them to my current server. Recently my certificate expired as I hadn’t setup a cron job for auto renewal now when I try to setup another certificate I either get one of these messages in the following format.
Command Option 1 Output:
"provide a valid space-separated list of domains for which you wish to configure your web server.
A certificate was found at /directory/directory/directory/WEBSITE.com.crt It is registered for a different set of domains: website.com www.website.com. Do you want to disable/revoke the existing certificate and create a new one? [Y/N]: Y
Warning: The domain ‘website.com’ resolves to a different IP address than the one detected for this machine which is ‘11.111.111’. Please fix its DNS entries or remove it.
Command Option 2 Output:
(Huge output of callbacks to lets encrypt acme api)
Deactivating auth: https://acme…
Unable to deactivate the authorization: https://acme-…
could not obtain certificates: error: one or more domains had a problem [website.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN (cutoff screen) for tls-alpn-01 challenge, url:
So, I was wondering if anyone here works at let’s encrypt? If so is there a way you can remove the original record of my domain that was on ‘11.111.11’ IP from the let’s encrypt ssl cert DB, but keep the email that I made the original certificate with so that I could try to create another certificate on my current web-server and potentially create an auto-renew cron job so that I don’t run into this issue in the future?
Also, IDK if the stack that my site is on works with certbot. I tried it on another server with the same stack in the past and it didn’t work . The stack that I’m using comes with its own derivative version called “bncert”.
The reason I care so much about having a fully functional certificate and key on my server is because I want to be pci compliant as this site may have some e-commerce functionality in the future when it goes public.