How can delete all Certificates of account/Domain


#1

My domain is:
https://crt.sh/?q=dolas52b.pcsacc400.de

I used ZeroSSL for a manual mode.
I tested it, but now i have delete all Client Certificate Request (CSR) on own Testsystem. Also deleted all Letsencrypt Certificates. So now, I can not used the Certificate of Letsencrypt. Because the System generate a Request (CSR) file. This Request can i get a new Certificat over ZeroSSL. But i have arrived the limitation of certificates. Because i had a problem with a Chrome and EDGE Browser with a ISRG Root X1 (self-signed) certificate. So i had imported a DST Root CA X3 and will create a new Certificate for testing. So my Idea, was to delete all Certificates of Letsencrypt for this Domain. But how can do this in manual mode, without a ACME Client or Certbot?

My web server is (include version):
Apache 2.2

The operating system my web server runs on is (include version):
IBM i (OS400) V7R1

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes but the acme client not running on this System. Because the System use DCM of IBM.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No


#2

Hello @bbusch

this looks not good. You hit the limit - and you must wait.

So my Idea, was to delete all Certificates of Letsencrypt for this Domain.

This doesn’t remove the limit.

If you want to test some things, use the staging system, not the productive system. The staging system doesn’t produce Certificate Transparency - entries (listet https://crt.sh/ ).


#3

The domain isn’t presently affected by any domain-based rate limits: https://letsdebug.net/dolas52b.pcsacc400.de/1724?debug=y#RateLimit-Debug

crt.sh must be read carefully because it shows certificates twice, one poisoned and one real entry, for the same actual entity that is tracked by Boulder for rate limits.

OP is probably affected by the hourly authz limit or something like that. It would help to see the actual error message, if any.


#4

You don’t have to issue a new certificate to switch between the intermediate signed by DST Root CA X3 and the intermediate signed by ISRG Root X1. You can just swap the files or whatever.


#5

Thats realy fasted support forum here. Thanks all for you helps. Also _az thanks for your notice, that i have not arrived the limit. i have tried again. Now it’s running. I think, i was to blind or what ever. Thanks Thanks and i wish you all a nice day.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.