How to get a private key of a certificate

karthi_mugil · April 11, 2022, 2:30pm

Hello,

I have generated a certificate using cert-manager to secure the Nginx-ingress controller

in our Kubernetes cluster.
I hit the 'Duplicate Certificate limit' during the deployment test of my service.(I didn't know there is
a ratelimit).
Could anyone please let me know how to retrieve the certificate and private key for the already
issued certificate by letsencrypt? I will add it to Kubernetes secret to bring the service.

Thanks,
-karthi

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.marketsnapshot.io

I ran this command: generated certificate using Kubernetes 'issuer' manifest

It produced this output:

My web server is (include version): Nginx-ingress controller

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: google domain

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

9peppe · April 11, 2022, 3:59pm

Where does your software store it?

You get it from there.

Osiris · April 11, 2022, 4:19pm

The private key is well, private. So it isn't available to the public nor to Let's Encrypt.

karthi_mugil · April 11, 2022, 5:48pm

It was stored in kubernetes secret. Unfortunately, it was deleted as part of uninstall of my service.

karthi_mugil · April 11, 2022, 5:50pm

Please let me know how can I use the already issued certificate.Should I have to wait for 1week to
request a new certificate? Thanks.

9peppe · April 11, 2022, 6:12pm

Then the only way to recover it is to cryptographically attack the public key.

The probability you'll do that successfully before the certificate expires is pretty much zero.

Osiris · April 11, 2022, 6:21pm

Without the corresponding private key, you can't.

You indeed have to wait a week to issue the same certificate again, yes. You can read more about the rate limits in the Let's Encrypt documentation:

Please be more careful in the future. I would like to advise you to also read the other documentation pages.

karthi_mugil · April 11, 2022, 7:53pm

ok. Thanks for your time and response.

karthi_mugil · April 11, 2022, 7:54pm

Thanks for your response and time.

system · May 11, 2022, 7:54pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate renewal using cert-manager on kubernetes cluster Help	3	4077	January 22, 2020
Cert-manager and let's encrypt Help	2	824	February 11, 2022
Force renewing of certificates with cert-manager Help	7	22171	April 3, 2020
Multiple certs for same domain? Help	2	463	October 10, 2023
I am trying to generate new certificate but getting error Help	6	3146	May 28, 2022

How to get a private key of a certificate

Related topics