Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
certbot revoke --cert-path revoke/5135cacd98930c8c1abe7beedfe39f8a3b91f30d49243c5734819290624b1f8b.pem
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Unable to load: ,[('asn1 encoding routines', '', 'wrong tag'), ('asn1 encoding routines', '', 'nested asn1 error')]
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
The operating system my web server runs on is (include version):
nginx
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.9.0
Just so the staff know, my server was not compromised and neither was my DNS server. I just like playing around with the server for fun, and that means I delete it a lot and generate a certificate for the same domain very often.
You do not have to revoke to comply with TOS just because you created a new cert.
It is standard practice to get a new cert to replace a different one before it expires. A revoke is not required and even wasteful to do that every time.
Let's Encrypt has rate limits which might affect you if issuing new certs "very often". If you haven't yet, be sure to see: Rate Limits - Let's Encrypt
Oh, and as for the error itself, what is in that .pem file? If a private key, do not post it! But if it is a public leaf cert, would you post it? Have you checked that it is a valid pem file using some SSL decoder? (openssl or otherwise)
The most likely reason for the error you see is a damaged pem file. I don't know why you'd need to download it from crt.sh. If it was one of yours I'd think you'd have a copy already.
In any case, you said it is a public leaf cert so please either post it or give a crt.sh link (or similar) so we can try to reproduce the bug you see.
You should also explain how you installed Certbot and what o/s you are using. You said "nginx" was your o/s but that isn't an o/s.
Just for info, revoking a cert is only necessary for key or account compromise and revoking a cert does not reset your rate limits, so if you hit a rate limit for duplicate certificates you still have to wait for that to reset regardless of whether you have revoked the cert or not.
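The "is it a valid pem file?" check suggested in the replies above, as an added example that is not part of the original thread and is not Certbot's own code: a structural pre-check that tells a certificate-shaped PEM apart from a private key, a saved HTML page, or damaged base64/DER. The names `classify_pem`, `read_tlv`, `to_pem` and the `STUB_DER` sample are assumptions made for this illustration.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# Constructed stub shaped like Certificate ::= SEQUENCE {SEQUENCE, SEQUENCE, BIT STRING}; not a real cert.
STUB_DER = bytes.fromhex("300730003000030100")

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify_pem(text):
    """Hypothetical helper: say what a file given to --cert-path appears to contain."""
    m = PEM_RE.search(text)
    if not m:
        return "not PEM (no BEGIN/END block; an HTML page or raw DER?)"
    label, body = m.group(1), m.group(2)
    if "PRIVATE KEY" in label:
        return "private key: keep it secret, it is not a certificate"
    if label != "CERTIFICATE":
        return f"PEM block of type {label}, not a certificate"
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
        tag, start, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return "damaged certificate: outer element is not one DER SEQUENCE"
        child_tags = []
        while start < end:
            t, _, start = read_tlv(der, start)
            child_tags.append(t)
    except ValueError as exc:  # binascii.Error (bad base64) is a ValueError subclass
        return f"damaged certificate: {exc}"
    if child_tags != [0x30, 0x30, 0x03]:
        return "damaged certificate: wrong tag inside Certificate SEQUENCE"
    return "certificate-shaped PEM"
```

This only checks the outer shape; a full decode with `openssl x509 -in FILE -noout -text` remains the authoritative test before retrying the revoke.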