How can I uninstall LetsEncrypt and all certificates, to redo all of them


#1

I’m using Ubuntu 16.04 and Apache 2.
For some reason my certificates messed up, and honestly they are a mess. I want to uninstall Let’s Encrypt and all the certificates I have (most of them all expired) so I can setup this a second time better.
Is there a way to do this easily without getting rid of the machine and setting it up again?
I’ve full access to the server.


#2

Hi,

If you are using Certbot, it is really easy to be removed from system. However, even after you removed the file and programs, you’ll need to manually dig into the virtual hosts and fix all port 443 (https) hosts before you could even start your apache (else it would tell you certificate / key not found and refused to start)

No, at least not in my knowledge, to easily restart…

Thank you


#3

Hi @andre-paulo98

what reason?

If you hit the rate limit, removing or revoking certificates doesn’t help.


#4

I had 2 main domain names, and for some reason they all grouped together. Now I only have 1 certificate for all my websites and the domain is not valid anymore.
I’ve not touched on this for a week, so I don’t think rate limit would be the issue.


#5

Why should uninstall and re-install help?

Please answer all of these questions. Perhaps share your configuration files.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#6

My domain is:

cloud.andrepaulo.tk (one example)

I ran this command: certbot renew

It produced this output:

The following certs are not due for renewal yet:
...
/etc/letsencrypt/live/cloud.andrepaulo.tk/fullchain.pem expires on 2019-01-04 (skipped)
...

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04.5 LTS

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel: No


Now while the renew command said that certificate is valid and only expires next year, once I go there I get the message that the certificate is invalid.


#7

Checking your certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:true;include_subdomains:false;domain:cloud.andrepaulo.tk&lu=cert_search

You have certificates with one name, but installed is an expired certificate with a lot of domain names:

DNS-Name: analytics.andrepaulo.tk
DNS-Name: andrepaulo.me
DNS-Name: andrepaulo.tk
DNS-Name: api.andrepaulo.tk
DNS-Name: api.sogest.andrepaulo.me
DNS-Name: back.sogest.andrepaulo.me
DNS-Name: cloud.andrepaulo.tk
DNS-Name: enru.ga
DNS-Name: front.sogest.andrepaulo.me
DNS-Name: gep.andrepaulo.me
DNS-Name: gep.andrepaulo.tk
DNS-Name: go.andrepaulo.tk
DNS-Name: insta.andrepaulo.me
DNS-Name: insta.andrepaulo.tk
DNS-Name: kastiaapi.andrepaulo.me
DNS-Name: netdata.andrepaulo.me
DNS-Name: pma.andrepaulo.me
DNS-Name: pma.andrepaulo.tk
DNS-Name: portfolio.andrepaulo.me
DNS-Name: projeto.andrepaulo.me
DNS-Name: resmun.ga
DNS-Name: sogest.andrepaulo.me
DNS-Name: testing.andrepaulo.me
DNS-Name: testing.andrepaulo.tk
DNS-Name: www.andrepaulo.me
DNS-Name: www.andrepaulo.tk

But this big certificate isn’t renewed. So use

certbot certificates

to find that certificate valid 2019-01-04

https://transparencyreport.google.com/https/certificates/4bGYduNVybe6745311dWeJrySlZJUjYOCLGuSVkizOQ%3D

then you have the file name and the file path. Then find your ssl - configuration of this domain and replace the file names. You use an Apache, so check something like

https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

    SSLEngine on
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"

#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.