The easiest way I find is to search for your domain at https://crt.sh/ and you can see exactly what certificates have been issued, when.
Do you mean remove it from the LetsEncrypt database ( to me that seems totally irrelevant ) or do you mean remove it from your current certificates on your server ?
I'm not sure I understand the scenario here. If you already have apache running, why do you want to stop it to run the client in standalone mode. I'd just run it, using the existing apache ( no need to stop it) to host the relevant tokens as proof of ownership, and then add the certificate and reload apache ( this effectively enables apache to start using the new certificate without stopping any existing connections ) .
Note that Certificate Transparency Log servers have a merge delay, and crt.sh won’t fetch those updates in realtime either, so you won’t see new certificates right away. If you actually have a certificate (not from staging) and it hasn’t shown up on crt.sh in a long time, please post the serial number - that would be a rather serious bug in the CA server (or crt.sh).
There’s no way to query Let’s Encrypt directly as of right now. There are plans to expose the current rate limit status (e.g. current counter, reset, etc.) as part of the ACME protocol in the future (which could then be displayed or logged by clients), but nothing concrete yet.
Thank you for the link: https://crt.sh/
Is there a limitation how many search requests allowed to come from an IP address?
I mean, delete from your database. So, if somebody changes his mind and doesn’t want to use his registrated LE crt, just delete from the server he installed before, and thats it?
Its good to know that should be works fine without stopping apache, but i always getting “no vhost exist” for any kind of domain i tried to install. I didn’t find where should i change conf files to le-auto script could find these vhosts.
https://crt.sh/ is operated by Comodo out of good will, so probably if you’re going to do a lot of queries, especially over a prolonged period you should consider building your own monitor instead. That’s what crt.sh is, a monitor (with a nice web UI) of the CT logs. The API for monitoring logs is documented, and Google requires the logs to achieve defined performance to remain listed as authorised logs in Chrome releases so they should be fairly robust.
What you can do is create the certificates using webroot authentication. Webroot puts a hidden temporary file in your website so Let's Encrypt can verify you control the domain. You use it like this:
letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/foobar -d foobar.org
This will create a single certificate containing three domains, and you don't have to stop Apache to use it. It only creates the certificate, it doesn't configure Apache, so you'll have to adjust your vhosts file yourself. I have all my vhosts in a single file for convenience, and it's not hard to add the lines for SSL/TLS.