How to uninstall/delete/disable SSL certificate from Let's Encrypt to my site?


#1

My domain is: www.mieco.it

The site works fine without the “https://” but when I try to access the control panel of wordpress, it runs into error (being under https://) and I can’t get in.

It produced this output: this error comes out “NET::ERR_CERT_COMMON_NAME_INVALID” and what I would like to do is simply uninstall/delete/disable SSL certificate from Let’s Encrypt to stop this, I don’t need it or want it right now.

My web server is (include version): 4.9.0-6-amd64 (SMP) x86_64

The operating system my web server runs on is (include version): Debian GNU/Linux 9.4 (stretch)

My hosting provider, if applicable, is: tophost.it

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, I don’t know the name.
However, right now I cannot access my wordpress control panel due to the above error (being under https://)

Also, when I ran the test at https://www.ssllabs.com/ssltest
The following came out (by the way, I have no idea what this site “www.seo-pigro.it” is and I have no connection nor does it have any connection to my site www.mieco.it):

Certificate #1: RSA 2048 bits (SHA256withRSA)

Server Key and Certificate #1
Subject www.seo-pigro.it
Fingerprint SHA256: 58760eafaed7f2416465e22e6955445d8d4c4360152b583495763d8e7f88a903
Pin SHA256: SZEbiY7e8erxBirVnUCyO1uSXLQA4Urx2+OZZePNDZM=
Common names www.seo-pigro.it
Alternative names www.seo-pigro.it MISMATCH
Serial Number 03f7d90471a2d0a69d4da0f3a6b20f84ca6f
Valid from Sat, 25 Aug 2018 15:28:02 UTC
Valid until Fri, 23 Nov 2018 15:28:02 UTC (expires in 2 months and 16 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Let’s Encrypt Authority X3
AIA: http://cert.int-x3.letsencrypt.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information OCSP
OCSP: http://ocsp.int-x3.letsencrypt.org
Revocation status Good (not revoked)
DNS CAA No (more info)
Trusted No NOT TRUSTED (Why?)
Mozilla Apple Android Java Windows


#2

Hi @sergioagaiti

the certificate has the name www.seo-pigro.it. Is this your domain?

If yes, then there is a misconfiguration.

If no, you should ask your hoster why this certificate is sent with your domain.

But there is a new certificate www.mieco.it / mieco.it, created yesterday.

https://transparencyreport.google.com/https/certificates/MTb8wVYE6WixD3kfH56DxoHO3SxCnS5E%2Bn0o1znmSfQ%3D

So it’s also possible (if seo… is your domain), that you create one certificate with 4 names - www.seo-pigro.it, seo-pigro.it, www.mieco.it, mieco.it.


#3

Thanks, @JuergenAuer. Actually, as I said in my post, www.seo-pigro.it is NOT my domain name and I have no connection to it. I would like to simply delete/uninstall/disable the Let’s Encrypt certificate for my domain name, which is www.mieco.it. How do I do that?


#4

What’s your configuration? Did you create the mieco.it - certificate?


#5

Of course, to be honest, I am no expert, I simply followed instructions on a website yesterday, I think it was www.letsencrypt.org and created it without really changing any code or any server/website configuration. I just created it on a browser following instructions. After that, I didn’t think the fact that I created it would make my site stop working without having changed anything on my site or server. What can I do now to eliminate the Let’s Encrypt certificate?


#6

If you didn’t change your website, you wouldn’t have this problem. And now we know you have created a certificate yesterday.

You can also do that in backends of your hoster, wordpress etc. Then you change your website configuration.

If you don’t share information about all things you did (and about your current configuration), it’s impossible to say what to do.


#7

Thanks for the help.
That’s quite strange - that not having changed anything on my website now I have this problem! I shall contact my hosting provider I guess…I really don’t understand how this happened.

Can I just contact Let’s Encrypt and tell them to get rid of my certificate for www.mieco.it?


#8

Your mieco.it - certificate isn’t the problem. Because you don’t use it - this is the problem.

If you would use this certificate (created yesterday), you would have a wonderful https - website with a correct certificate.

The problem is: What did you change in your website configuration? Only you can know this.

Nothing changed -> no effect.


#9

Thanks for clarifying, @JuergenAuer. Now it’s more clear to me. However, I didn’t change anything (as I said, I am no expert) and this is why I find it quite strange that this conflict is coming up. I have no idea where normally one would make changes to one’s website in order to “use” or “connect” the created certificate. I really don’t. I do have access to the FTP of my site and the htcdocs if this makes a difference or if I can look for something there that changed or so. Otherwise, I guess I have to rely on my hosting provider, which is not being so helpful at the moment.


#10

It sounds like you will need to talk with your hsp (tophost.it) about how the server handles https connections.
It is strange that the two domains return completely different IP addresses and yet the cert for the other site is valid, and was recently updated, but is being shown on this IP.


#11

Thanks, @rg305. I do find it very strange as well. I repeat: I did not change anything on my site or wordpress except create a certificate on a browser that was, apparently, somehow strangely connected to an external site I had no control or knowledge of.


#12

I am getting in touch with my hosting, as you suggest, to see how they are handling https connections and hope for a solution - they are not being so helpful. Because they in fact do offer an https/ssl service, it just wasn’t working properly with my wordpress theme so I decided to try the Let’s Encrypt instead. Maybe that’s where the conflict happened… I still don’t understand how it got activated and connected to that other site because I didn’t make any changes. Is there any way to delete this Let’s Encrypt certificate? I think this would help at this point.


#13

To be clear: Your creation of a certificate did not break anything.
Changing the site to use https would break things if the site is not properly set up for handling https for shared hosting or if the site never got the cert you created - which would force it to use whichever cert it could find to service your https request.
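
The situation described in post #13, as an added illustration that is not part of the original thread: a simplified model of a shared HTTPS listener that falls back to a default certificate when no installed certificate covers the requested name, followed by the browser's name check. The vhost tables, the function names and the fallback rule are assumptions made for the example, not the actual configuration of the hosting provider; only the hostnames come from the thread.

```python
# Added illustration: server-side certificate selection by SNI with a default
# fallback, then the client-side hostname check against the cert's SAN list.

def name_matches(pattern, host):
    """Compare one SAN dNSName with a hostname; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.it".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_valid_for(san_list, host):
    return any(name_matches(s, host) for s in san_list)

def select_cert(vhosts, default_key, sni):
    """Server side: use a cert that covers the SNI name, else the default cert."""
    for key, sans in vhosts.items():
        if cert_valid_for(sans, sni):
            return key, sans
    return default_key, vhosts[default_key]

def handshake(vhosts, default_key, host):
    """Return (cert the server picked, result of the client's name check)."""
    key, sans = select_cert(vhosts, default_key, host)
    ok = cert_valid_for(sans, host)
    return key, "ok" if ok else "NET::ERR_CERT_COMMON_NAME_INVALID"

# Constructed: only the other site's certificate is installed on the listener.
BEFORE = {"seo-pigro": ["www.seo-pigro.it"]}
# Constructed: the issued www.mieco.it / mieco.it certificate is installed too.
AFTER = {"seo-pigro": ["www.seo-pigro.it"],
         "mieco": ["www.mieco.it", "mieco.it"]}

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, handshake(table, "seo-pigro", "www.mieco.it"))
```

In this model, the issued certificate changes nothing until it is installed on the server, and deleting it does not change which certificate the server presents.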


#14

Ok - I am waiting for their reply. In the meantime, given that they do offer an https/ssl service for my domain, maybe this entered into conflict with the certificate I tried to create with Let’s Encrypt. Now there might be two certificates conflicting under LetsEncrypt procedure whereas I was supposed to use their supported special https setup. At this point: is it possible to delete the LetsEncrypt certificate? Thanks.


#15

Again: I don’t think that creating the cert broke anything. So, deleting the cert will not fix anything.
The server is misconfigured for https.
If you can, revert your site back to http as that still works: http://www.mieco.it/


#16

Thanks, @rg305, I got your point. I still ask kindly how to delete the certificate, even though, as you say, the server is misconfigured for https. Nevertheless, I wish to know the procedure to delete the Let’s Encrypt certificate, please. Can I do that if I wanted to or it’s not allowed for some reason? Thanks.


#17

Whether you can do that is up to your web host–Let’s Encrypt has no control whatsoever over what you do with it.


#18

Thank you, @danb35. So you’re saying Let’s Encrypt cannot delete a certificate and only the web host can do something about it.


#19

Correct, because that’s where the cert (and the corresponding private key) are stored. That’s also where any configuration would be that involves the cert in any way. Let’s Encrypt can revoke the cert, but the only reason to do that is if you believe the private key has been compromised.


#20

I see… There is clearly some issue because it makes no sense somebody got into the server and used the certificate I created connected to another site. Unless the certificate I created had a key which was somehow connected to the same server (along with the third-party site that got in the way) but as rg305 said above, the two sites have different IPs and it shouldn’t happen. So can you revoke it?