I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk
I run a Ecommerce site through Ecwid and Hosted on Godaddy. I have previously tried to install a Lets Encrypt SSL which I actually did not need. I am now getting a Certificate Error on my website as the certificate has expired.
I have reset my dns and hosting account to try and resolve this.
Godaddy customer support have been terrible mainly trying to sell me an SSL. Now they are asking me to “contact lets encrypt and remove the domain from there”
The certificate is a feature of your web site configuration, and so nothing that Let’s Encrypt can do can remove it from your site (because we don’t administer your site). This probably needs to be accomplished through your control panel somehow.
If you obtained the certificate using the control panel, you might also be able to renew it within the control panel, but if you obtained it using an external tool or service, that wouldn’t be an option because you would have to repeat the entire original process in order to update the certificate.
The reason that visitors to your site encounter the HTTPS version with the now-expired certificate is twofold:
Second, your site sends an HSTS header Strict-Transport-Security: max-age=63072000; includeSubdomains; preload which tells browsers that they should remember that the site is always HTTPS-only, and never try to access it over HTTP in the future.
If you want your site to return to being HTTP-only, you’ll need to change these two features of your configuration, both of which can probably be done in your control panel (removing the HTTP to HTTPS redirect, and removing the HSTS header). Note that your HSTS policy will continue to affect browsers that remember it from visiting your site in the past. Your site is asking them to remember this policy for 63072000 seconds (two years). The browsers themselves obey and remember the policy, and you can’t remove it from people’s browsers except by replacing the policy with a different one using an unexpired valid certificate on an HTTPS version of your site. This is a possible reason that you may want to consider fixing the HTTPS support on your site instead of removing it.
I have woke up this morning and the site is now secure. I have a valid SSL from Lets Encrypt from 20 September 2019 05:22:24until 19 December 2019 04:22:24.
Im really not sure why? as I have not tried to add a new one.
The last certificate ran out on the 4th of September.
Whats the best way of making sure this does not happen again in December? I don’t really want to manually have to renew it every 3 months. Particularly as I don’t need it in the first place.
I take it the SSL is attached to the Domain rather than the hosting account.
We always recommend that everybody using Let’s Encrypt set up automated renewals instead of relying on manual renewals. It sounds like someone involved with your hosting has set that up for you somehow, maybe automatically without your asking. I would suggest asking your hosting providers more about how that might be happening—I don’t know what Ecwid is but maybe it’s them, as opposed to GoDaddy.
I'm not really sure what "attached to" means. It has to be obtained by software that has to run on a server somewhere. Normally that's the hosting provider's server. But the certificate refers to domain names for which it's valid, which are listed within the body of the certificate itself.