I setup certbot on one of my machines, and used a certain account to issue certificates. The machine went down and couldn't restore it. I setup a new machine and used a new account. How can I check what were the certificates I generated on the first machine?
I am aware that I get an email and I did. But the e-mail says certificate one is expiring in X days and 1 more. I am unable to determine this 1 more certificate. the e-mail doesn't say.
Thank you and appreciate your help.
I don't think as of now, there's a way of getting a list of certificates generated for a specific account via self-service (or even possible, without some serious matter). For example, do you know what's your account credential (the json file that holds your account information)?
If you know the domains you have control with, you should be able to pull information from any certificate transparency provider (the two easiest ones: crt.sh and Google Transparency Report
If you have a certificate log available, you can replicate the EXACT set of domains/hostnames to include in the new certificate.
Hope this helps!
P.S. Why am I up so early? Too much coffee from starbucks!
Indeed, I do have this (the json file that holds your account information)? Would the json file help me in any way?
I'm not sure what are the domains as I'm handling multiple domain names not related to myself but to my clients and that's why I can't use Google Transparency Report
I'm not a staff member of Let's Encrypt or ISRG or EFF, so this is definitely not an official response
I don't think it would help unless Let's Encrypt staff would like to step in... Is there an specific reason why you need that list? I don't think this ever happened before so I'm not sure what they would do about it. And to be honest, I don't think it makes sense to disclose it without a valid security reason...
BUT, it's my own thoughts.
One sure thing I can say is: You can try to send a message to
@lestaff team and see what they say.
No definitely don't want to send my json file to anyone. Security is a top priority.
The thing is I must renew these certificates because clients have online resources. So I must know what certificates specially that I forgot to keep track or a list .
Thank you for stepping in I will send them a message.
Can't you just check the webserver software for the configured hostnames?
Or pull your certificate data from a fairly recent backup. You do have backups, don't you?
Yeah, I'm similarly confused. You don't know what domains you're hosting? Getting that from other places (webserver configs, your DNS records, receipts for names you've bought) is probably easier than trying to get it from a list of certificates?
I've inherited this from someone and a short, quick answer is not possible. It' s quite complicated, I just need to know which domains names are covered by an SSL from let's encrypt. The issue is not the ssl itself, it's about which domains are covered and which ones to renew. not the server or certificate itself.
There are plenty, distributed hosting and many domains and plus i've inherited this so i've got no clue. short answer is no records of domains yea it's a cluster f***.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.