Lost Credentials

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: spauldingmedical.dev

I ran this command:

It produced this output:

My web server is (include version): we are serverless

The operating system my web server runs on is (include version): we are serverless

My hosting provider, if applicable, is: Amazon

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I'm trying to download our SSL certificate. The employee who purchased this no longer works for us and we cannot reach them.

Hello @randyspaulding12, welcome to the Let's Encrypt community. :slightly_smiling_face:

Let’s Encrypt Certificates are Free!

Here is a list of issued certificates https://crt.sh/?q=spauldingmedical.dev
You can down load any of the issued certificates from there if you desire.

Be aware Let’s Encrypt Certificates have 90 days of validity, and are recommended renewal every 60 days.


@randyspaulding12 are any of your server services accessible from the Public Internet?
If not almost certainly the DNS-01 challenge of the Challenge Types - Let's Encrypt was use to obtain certificates.

As I do not see much in the way of DNS records


Thank you for your fast response! Please excuse my ignorance. I’m looking to download a .cer file for cert.spauldingmedical.dev. I saw “Download Certificate: PEM” and it downloaded a .crt file.

My inexperience is missing how I do this!


1 Like

Downloading the cert won't help you if you do not also have the private key that goes with it.

The way Let's Encrypt works is that you use software (some ACME Client) to request a cert from the Let's Encrypt ACME Server. There are many such clients you could have used.

You need to find the ACME Client software on your system that requested the cert so you can locate the cert and matching private key. Without more knowledge of your system it is hard to suggest an action.

I don't see a public A or AAAA record for that domain name so I assume this is a private server. You said it is "serverless" but something is using that cert.

I see from your history you were getting wildcard certs which use a DNS Challenge. This won't help you yet I am noting it mostly for other volunteers.


What are the Certificates being used for and how?


Just guessing here...
But it looks like you might be trying to use an LE cert to certify your own private CA.
If that's the case, I don't see how you would be able to get that to work.

In any case, if whatever system needs the cert has Internet access, you might be able to set it up to use DNS authentication and auto-renew.
[possible - but depends heavily on the DSP and ACME client/version in use]


Setting up an scep server for enrolling devices

So, are you running your own CA?
What is the LE cert used for and how?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.