How to remove letsencrypt from ubuntu 20.04

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: theousted.com

I ran this command: I ran certbot to do dns challenge since port 80 is blocked by my isp

It produced this output: it failed stating that it did not get the expected response from server

My web server is (include version): Apache2 v 2.4.41

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Me, the server is in my house

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 0.40.0

I tried to get an ssl from letsencrypt using Certbot. My server is in my house, my ISP blocks port 80, so I was trying to do a DNS challenge but it didn't work. I also use cloudflare and I was able to easily create a cert and key so I just want to use theirs, I don't have to waste all this time with a bot that grabs stuff, I can just generate and cut and paste on cloudflare. But certbot did something in the background when it failed. I have all my configs setup to point at the cert and key from cloudflare on my server. But when I go to my site, it fails saying "Invalid certificate" so I go to this site to check the SSL installed on the site:

https://www.sslshopper.com/ssl-checker.html#hostname=theousted.com

It shows letsencrypt instead of cloudflare. I have apache pointing to the files from cloudflare, did certbot create some config files somewhere that points to a letsencrypt cert? Can I just remove letsencrypt from my system entirely to fix this or is it a config file? Please help me remove letsencrypt and any config files that may override apache.

Thank you.

Cloudflare may issue certificates from Let's Encrypt. Since your attempt to get one failed I have to guess what you are seeing is the one Cloudflare got on your behalf.

The cert looks ok at your sslshopper link and my own check using openssl.

I don't see anything wrong with the certs sent by your server. Did you try just exit your browser and try again? They will cache old results so maybe that's all that's needed.

You can uninstall and delete all the parts from certbot if you no longer need it - no problem

2 Likes

There is also the "rollback" feature in certbot.
[which can revert any changes made to the webserver configuration - do that, if needed, BEFORE you uninstall certbot]

See:
User Guide — Certbot 1.22.0 documentation (eff-certbot.readthedocs.io)

2 Likes

Would they need that if never got any cert? I thought changes made only after successful issue?

2 Likes

I don't know what they have done or not done.
I trust only half of what I read.

2 Likes

That's a Cloudflare-specific error, not an error from your browser. In fact, the connection between your browser and Cloudflares edge server are perfectly secure :wink:

This error you're seeing is due to the fact your own Apache isn't properly secure where Cloudflare is configured in such a way that it actually expects a valid certificate. I would recommend to use a Cloudflare Origin certificate on your own server. See https://blog.cloudflare.com/cloudflare-ca-encryption-origin/ and https://developers.cloudflare.com/ssl/origin-configuration/origin-ca for more info.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.