Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
All 3 commands execute as expected
My web server is (include version):
Kubernetes + nginx ingress + cert-manager
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
GKE
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.3.0
How can I invalidate this cert completely and start from scratch for my site? For example if I look this cert up in an SSL checker it want to see it say there is no active cert. Instead I’m seeing " None of the common names in the certificate match the name that was entered …"
You have revoked and deleted a perfectly good/working cert.
Please DO NOT REVOKE CERTS when all you want is a deletion.
They are two very different things and revoking consumes resources unnecessarily.
So you delete, burn, and bury the cert and still ask:
Have I missed something? You've incinerated the cert !
What more do you think can be done to it?
I don't know how "SSL checker" works, so I can't speak to that.
I will not revoke future certs when only delete is necessary. Noted.
The SSL checker I’m using is digicert’s SSL Certificate Checker. If you look up the domain on there it has the warning “Certificate does not match name misc-dev.quickytools.com”. This gives a similar message to running the command wget --save-headers -O- https://misc-dev.quickytools.com
ERROR: cannot verify misc-dev.quickytools.com's certificate, issued by ‘CN=NGINXIngressController’:
Self-signed certificate encountered.
ERROR: certificate common name ‘NGINXIngressController’ doesn't match requested host name ‘misc-dev.quickytools.com’.
To connect to misc-dev.quickytools.com insecurely, use `--no-check-certificate'.
The site is serving another self-signed cert (named “NGINXIngressController”). That has nothing to do with the LE cert (that you have deleted/revoked).
You need to review the web server settings to find out who/what/when/where/why that cert is being served.
The “web server” appears to be nginx:
curl -Iki https://misc-dev.quickytools.com/
HTTP/1.1 404 Not Found
Server: nginx/1.17.10
Date: Wed, 06 May 2020 19:17:05 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive