My domain name is wangyinxiang.skin,I once applied for acme for this domain name on a certain machine, but that machine is no longer available, and now it has changed too many machines, so I reported an error when I applied for a certificate for the domain name again. May I ask how to solve it?
ERR is translated into English: The script exits because the certificate fails to be signed.
You generally don't need to revoke the certificate unless the private key has been exposed.
Which version of Certbot (I assume it's certbot) are you using and on what operating system?
1 Like
It looks like acme.sh. I have no idea what that error says, I doubt it comes from acme.sh directly.
Extrapolating from what I see, you have a certificate already and your acme client knows about it and won't renew it until April 18th.
4 Likes
@Goodman I'd also guess that the most likely problem would be ISRG Root X1 not present in the trust store, assuming that affects acme.sh - the Let's Encrypt default certificate chain recently changed to use ISRG Root X1 as the root issuer instead of DST Root CA X3.
1 Like
Linux admin 4.19.0 #1 SMP Wed Jul 12 12:00:44 MSK 2023 x86_64 GNU/Linux
What does this show?
echo | openssl s_client -connect acme-v02.api.letsencrypt.org:443 -showcerts
2 Likes
It looks like the exist is because the cert is not yet due for renewal.
2 Likes
So, how to solve it?
Solve what?
You should already have a valid cert [that won't expire until 30 days after 2024-04-18].
I don't see any problem.
2 Likes
I'd like to cancel this unexpired one and reapply and install it on a new machine. May I ask when there is a way?
There is no need to cancel a cert to get another just like it.
Just get another one [just like that one].
4 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.