How to revoke a certificate when certbot revoke not installed

Hello Everybody,

Certbot is not installed and I can't upgrade Debian 8.11 to 9. How can I revoke a certificate with the root account and all the pem files?

My domain is:
www.atk.lu

I ran this command:
sudo /letsencrypt/certbot revoke --cert-path /etc/letsencrypt/live/atk.lu/cert.pem --key-path /etc/letsencrypt/live/atk.lu/privkey.pem --reason keyCompromise

It produced this output:
sudo: /letsencrypt/certbot: command not found

My web server is (include version): Apache 2

The operating system my web server runs on is (include version):
LINUX DEBIAN 8.11 JESSIE

My hosting provider, if applicable, is:
KIMSUFFI (OVH)

I can login to a root shell on my machine (yes or no, or I don't know):
YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Certbot-auto (I don't have the version)

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:c8:a1:76:e2:fb:4f:33:84:c9:e2:73:30:7f:d4:c9:39:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: (CA ID: 183267)
commonName = R3
organizationName = Let's Encrypt
countryName = US
Validity (Expired)
Not Before: Dec 14 22:24:06 2021 GMT
Not After : Mar 14 22:24:05 2022 GMT
Subject:
commonName = atk.lu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A4:98:84:E6:2D:25:54:5D:E2:80:4F:65:B2:27:9A:80:14:C5:25:C3
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

        Authority Information Access: 
            OCSP - URI:http://r3.o.lencr.org
            CA Issuers - URI:http://r3.i.lencr.org/

        X509v3 Certificate Policies: 
            Policy: 2.23.140.1.2.1
            Policy: 1.3.6.1.4.1.44947.1.1.1
              CPS: http://cps.letsencrypt.org


Hi @itdsc and welcome to the LE community forum :)

Why do you need to revoke a cert?

2 Likes

Because I have forgotten to renew the cert in good time.

Revoking will not help that. Let's Encrypt says revoking should only be done when the cert is no longer safe to use such as being compromised by hackers.

Just create a new cert and you are fine.

2 Likes
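The distinction made in the reply above (an expired certificate is reissued, not revoked) can be checked from the certificate file itself. The following is an added example, not part of the original thread; the function names `cert_state`, `key_matches` and `make_sample` and the name `example.test` are hypothetical, and only standard `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example (not from the thread): decide from the certificate itself
# whether it has merely expired. Function names and example.test are hypothetical.

# cert_state CERT [WINDOW_DAYS] -> prints unreadable | expired | renew-soon | ok
cert_state() {
    cert=$1
    window_days=${2:-30}
    # Reject files openssl cannot parse, so a bad path is not reported as "expired".
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 2; }
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired       # past notAfter: issue a new cert, revoking gains nothing
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((window_days * 86400)) >/dev/null 2>&1; then
        echo renew-soon
    else
        echo ok
    fi
}

# key_matches CERT KEY -> exit 0 when KEY is the private key behind CERT.
# Worth checking before handing cert.pem and privkey.pem to any ACME client.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: throwaway self-signed cert and key valid for DAYS days.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.test" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Demo on the constructed sample when run as: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample "$tmp" 1
    echo "state: $(cert_state "$tmp/cert.pem")"
    key_matches "$tmp/cert.pem" "$tmp/privkey.pem" && echo "key matches cert"
    rm -rf "$tmp"
fi
```

On a real host the first argument would be the live certificate, for example the `cert.pem` path from the first post.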

Is it possible to create a new cert when the expired cert is linked to my domain name? I have the previous email, and I have the 4 pem files.

Yes, it is possible.

Let's Encrypt does not validate certs when performing HTTP challenges. And, DNS challenges do not see the cert from your server.

2 Likes

OK, with certbot-auto? Because my certbot doesn't work on this server. With an alternative?

Don't use certbot-auto, it's deprecated. If certbot can't run, use another client: acme.sh can be a good option, but the best one is upgrading to Debian 10 or 11.

(Debian 9 will reach EOL in June 2022 and Debian 8 is EOL since June 2020)

2 Likes

Yes, I agree with @9peppe about certbot-auto.

Here is an old article about it that might help too

4 Likes

I have tried too. Snap is not installed because the package is not found; I have tried to install acme.sh but it is not found either.
Is it a problem with the sources list?

Yes and no. Debian 8 repositories might be offline/archived, and acme.sh isn't distributed via apt (at least, I don't think it is).

Snaps on Debian 8... I'm not sure if they are supported. (They look like they aren't)

1 Like

I have an old Linux installed automatically by the provider, I have an upgrade that doesn't pass, and I can't install a client to revoke or renew. All is fine? :) I think in two days I won't have a job anymore.

You can use acme.sh.

Make sure your apt sources are pointing the right way: Debian -- Distribution Archives

1 Like

"" deb http://archive.debian.org/debian/ jessie main non-free contrib
"" deb-src http://archive.debian.org/debian/ jessie main non-free contrib

"" deb http://archive.debian.org/debian-security/ jessie/updates main non-free contrib
"" deb-src http://archive.debian.org/debian-security/ jessie/updates main non-free contrib

"" deb http://security.debian.org/ jessie/updates main contrib non-free
"" deb-src http://security.debian.org/ jessie/updates main contrib non-free

I have done a GitHub copy:


git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m my@example.com

and install:


./acme.sh --install \
--home ~/myacme \
--config-home ~/myacme/data \
--cert-home ~/mycerts \
--accountemail "me@my-domain.BTC" \
--accountkey ~/myaccount.key \
--accountconf ~/myaccount.conf \
--useragent "this is my client."

This is the answer to these commands:


[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] It is recommended to install socat first.
[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] We use socat for standalone server if you use standalone mode.
[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] If you don't use standalone mode, just ignore this warning.
[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] Installing to /root/myacme
[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] Installed to /root/myacme/acme.sh
[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] Installing alias to '/root/.bashrc'
[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] OK, Close and reopen your terminal to start using acme.sh
[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] Installing cron job
10 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[mercredi 16 mars 2022, 06:12:25 (UTC+0100)] Good, bash is found, so change the shebang to use bash as preferred.
[mercredi 16 mars 2022, 06:12:27 (UTC+0100)] OK

You installed it in /root/.acme.sh it looks like.

Set it up to use Let's Encrypt as the default CA (it's not when you download it) and read its documentation on how to use it.

acme.sh --help is a good place to start.

1 Like

Hello,

Thank you for your help.
I finally managed to renew with certbot using absolute paths but unfortunately I'm stuck for a week.
Would you have the links of how to create a new certificate completely with a new domain name not yet used?

1 Like

Try:

/root/.acme.sh/acme.sh --issue --webroot /ACMEchallenge/path/ --domain "example.com" --server letsencrypt
3 Likes
