How to remove the SSL of a DNS that is no Longer in my server? I lost all the config files for that

I want to remove the SSL from my previous DNS which is dimer.asti.dost.gov.ph, but i lost all config files for it. and upon checking SSL labs it still has SSL andd it is auto renewing the SSL. How can I stop it or revive the SSL.

Hi @alamtester01, and welcome to the LE community forum :slight_smile:

We may be able to help you stop the ACME client from renewing, but you must first tell us which ACME client you are using.

We might also be able to tell you how to rebuild the lost file(s) that used a cert, but we would need to know more about how it was being used.

2 Likes

Hello @rg305 is it Certbot?

I just found the tutorial before via chatgpt, then my Server is Ubuntu.

I don't know; Let's check.
Try showing the output of:
certbot certificates

2 Likes

This is the ouput of certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certificates found.


1 Like

Then there isn't much of anything left to remove.

1 Like

Are you sure you want to "remove the SSL"? Can you explain more what you mean by that?

The "SSL" is two parts. One is the certificate and the other is your server config.

Certbot says your certificate is already deleted. But, your server is still using a cert that was issued on Nov16. You need to remove the nginx server block that references that cert. Otherwise nginx will fail to start / restart due to the missing cert file.

You also redirect HTTP requests to HTTPS so you would need to change that too if you want to "remove the SSL".

But, why would you want to remove "SSL" which would also prevent using HTTPS?

2 Likes

Hi @alamtester01,

i lost all config files for it

  1. Find the nginx config file for "dimer.asti.dost.gov.ph" with:

egrep -rs "dimer.asti.dost.gov.ph" --include=*.conf /

  1. Check this file or just grep to find the certificates that it is using with:

egrep "ssl_certificate"

  1. If you want to stop running the server on port 443 and use SSL certs, you will have to modify the NGINX config and firewall rules.

  2. If you want to just stop using (and renewing) this trusted SSL certificate but continue running the server on port 443, you will have to use a self-signed certificate or another certificate. Here is an example command to generate a self-signed cert:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/dimer-selfsigned.key -out /etc/ssl/certs/dimer-selfsigned.crt

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.