Lost private key, need to revoke Let’s Encrypt certificate

My domain is: tomclub.top

I’m facing an issue with revoking a Let’s Encrypt certificate for my domain. I accidentally deleted the private key and certificate files. As a result, I’m unable to revoke the certificate using the usual method. I understand that the private key is crucial for revoking the certificate, but since it’s lost, I’m unsure how to proceed. Any guidance on how to revoke a Let’s Encrypt certificate without access to the original private key and certificate files would be greatly appreciated.
[INF] Main_Domain KeyLength SAN_Domains CA Created Renew
tomclub.top "ec-256" no LetsEncrypt.org 2023-10-28T13:40:34Z 2023-12-26T13:40:34Z

Unless you think someone else has the private key, you don't have to, but there are 3 ways to revoke a cert:

  1. with cert's privkey
  2. from acme account that requested certificate
  3. from another acme account that has authorized the full set of domains in that certificate

and as you are using Cloudflare you may want to look at Origin CA certificates · Cloudflare SSL/TLS docs

5 Likes
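The three revocation paths listed in the reply above, written out as certbot invocations (an added example, not code from the thread or from any poster; the domain, file paths and the DRY_RUN convention are assumptions). Revocation is only possible along one of these paths, and none of them is a prerequisite for issuing a new certificate. The script prints each command instead of running it unless DRY_RUN=0, so it can be read offline; the key_matches_cert guard is the check you want before path 1, because the CA will reject a revocation signed with a key that does not belong to the certificate.

```shell
#!/bin/sh
# Added example: the three ACME revocation paths as certbot commands.
# DRY_RUN=1 (default) prints the command instead of executing it.
# DOMAIN and the /etc/letsencrypt paths are assumptions for illustration.
DRY_RUN="${DRY_RUN:-1}"
DOMAIN="${DOMAIN:-tomclub.top}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Path 1: prove possession of the certificate's private key. Works from any
# machine and needs no ACME account. Reason keycompromise maps to RFC 5280
# reason code 1; use it only when the key really was exposed.
revoke_with_privkey() {
  run certbot revoke --cert-path "$1" --key-path "$2" --reason keycompromise --non-interactive
}

# Path 2: sign the request with the account key that originally obtained the
# certificate. --cert-name is the certbot lineage name (the directory under
# /etc/letsencrypt/live); certbot uses its stored account key automatically.
revoke_from_issuing_account() {
  run certbot revoke --cert-name "$1" --non-interactive
}

# Path 3: sign with any account that currently holds valid authorizations for
# every SAN in the certificate. certbot signs with its own account key; the CA
# decides whether that account's authorizations cover the certificate.
revoke_from_authorized_account() {
  run certbot revoke --cert-path "$1" --non-interactive
}

# Guard for path 1: confirm the key belongs to the certificate by comparing the
# SubjectPublicKeyInfo extracted from each. Returns 2 if openssl is absent.
key_matches_cert() {
  command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 2; }
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage (with DRY_RUN=1 these lines only print the commands that would run):
revoke_with_privkey "/etc/letsencrypt/live/$DOMAIN/cert.pem" "/etc/letsencrypt/live/$DOMAIN/privkey.pem"
revoke_from_issuing_account "$DOMAIN"
revoke_from_authorized_account "/etc/letsencrypt/live/$DOMAIN/cert.pem"
```

If the private key and certificate files are gone, path 1 is closed for good; path 2 still works as long as the account key in /etc/letsencrypt/accounts (or the equivalent directory of whichever client issued the cert) survived, and path 3 works from a fresh account once it has completed challenges for every name in the certificate.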

They are no longer proxying their domain at Cloudflare. So the Origin CA certificate won't be viable.

5 Likes

But when I use a script to generate a new CA, it shows that the domain name legality verification failed. The current environment already has a corresponding domain name certificate and cannot apply for it again.

I can't get a new CA

Revoking the old one doesn't change that. You need to fix the server config on HTTP.

4 Likes

But I have to revoke it first before I can use a script to generate a new CA. What does this have to do with my own server?

That is not a Let's Encrypt requirement.

What script (ACME Client) are you using to get your cert?

4 Likes

The questionnaire is there for a reason. Please fill out ALL the questions.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tomclub.top

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

@hughware In addition to info from the form, please explain how Amazon CloudFront is involved.

You have one DNS A address that points to a CloudFront edge IP. But, you would normally have 2 and also 2 AAAA addresses for IPv6.

And, normally CloudFront uses Amazon certs for its CDN but that isn't working correctly. You could use a Let's Encrypt cert for the HTTPS between the CDN and your origin server.

Further, your port 80 is closed and HTTPS fails to port 443. Although, HTTP requests succeed to port 443 when they should not.

You seem to have a misconfigured environment in general but if you explain what you are trying to do we might help.

6 Likes
