Multiple domain revoke required - self created mess


#1

Please fill out the fields below so we can help you better.

My domain is: splitrailhosting.com

I ran this command:

It produced this output:

My operating system is (include version): Ubuntu 16.04.1 LTS

My web server is (include version): apache2

My hosting provider, if applicable, is: digitalocean.com vps

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): webuzo

I missed backing up my private key - really misunderstood a few things. My certs are all messed up and I have read for hours now trying to figure out how to revoke (9 domains in all) - a real mess I have created. Is there a contact that I can make the request to, to revoke all certs? I have read other posts where the question started out this way - but in the end the OP did not need to revoke … they were able to find backups. I really do not have any. I started the VPS from scratch yesterday. Any guidance would be greatly appreciated. Thanks in advance!


#2

Is there a particular reason why you need to revoke those certificates? If you do not have the private key anymore, and the private key hasn’t been compromised, you can just wait for them to expire in 90 days. Revocation isn’t really necessary unless the key is compromised, and it won’t affect your ability to issue additional certificates for the domains in question. You can have more than one non-expired certificate for the same domain as long as you’re within the rate limits (which are not affected by revocation in any way).

Anyway, if you still need to revoke the certificates in question, you have a number of options:

  • If you still have the account key with which you obtained the certificate, you can use that to revoke the certificate. With certbot, that would be the default behaviour. If you deleted /etc/letsencrypt entirely, the account key is gone as well.
  • A new ACME account that is authorized to issue certificates for the same set of domains as the certificate you want to revoke will be allowed to revoke the old certificate. Most clients don’t give you a simple way to obtain only the authorizations without actually requesting a certificate, so you’ll probably have to issue yet another certificate for those domains (i.e., follow the regular “I want a certificate for that domain” process) and then use that account key to revoke them.

#3

Thank you, Patrick! I appreciate the clarification - the key has not been compromised - just nuked. I have hit my rate limits though, I am sure. I will give things a week and revisit. Gives me time to do some much needed reading on the subject.

