Need to remove domain certification

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: whatsfresh.app

I ran this command: sudo certbot renew --dry-run

It produced this output:
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/whatsfresh.app-0001/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/whatsfresh.app.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for landing.whatsfresh.app
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (whatsfresh.app) from /etc/letsencrypt/renewal/whatsfresh.app.conf produced an unexpected error: Failed authorization procedure. landing.whatsfresh.app (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: dns :: DNS problem: NXDOMAIN looking up A for landing.whatsfresh.app. Skipping.
The following certs could not be renewed:

  • /etc/letsencrypt/live/whatsfresh.app/fullchain.pem (failure)*

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: landing.whatsfresh.app
    Type: connection
    Detail: dns :: DNS problem: NXDOMAIN looking up A for
    landing.whatsfresh.app

My web server is (include version):
Server version: Apache/2.4.39 (Ubuntu)
Server built: 2019-04-02T20:30:08

The operating system my web server runs on is (include version):
Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Can run sudo commands

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I am trying to remove landing.whatsfresh.app from the registration process.

FYI: I’m not that proficient in linux, but I can follow instructions, ha ha. It seems like I was able to remove a domain on our staging server before, but I’m having issues removing this domain on our production server.

Hi @pc7900

if you have a certificate with two domain names and if you want to use a certificate with one domain name, you can't use renew.

renew uses the current configuration. So that can't work if landing doesn't have an ip address. And if landing would have an ip address, you would create a certificate with both domain names.


But you have already a certificate with only one domain name - https://check-your-website.server-daten.de/?q=whatsfresh.app

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
920130281 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-19 13:01:11 2019-08-17 13:01:11 whatsfresh.app
1 entries duplicate nr. 1
856149847 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-04-10 01:39:27 2019-07-09 01:39:27 staging.whatsfresh.app
1 entries
806931656 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-03-12 14:45:05 2019-06-10 14:45:05 landing.whatsfresh.app, whatsfresh.app
2 entries
806919843 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-03-12 14:34:45 2019-06-10 14:34:45 landing.whatsfresh.app, whatsfresh.app
2 entries
801934663 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-03-09 19:23:27 2019-06-07 19:23:27 whatsfresh.app
1 entries
771201376 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-02-18 21:27:20 2019-05-19 21:27:20 landing.whatsfresh.app
1 entries

And you use that certificate:

CN=whatsfresh.app
	19.05.2019
	17.08.2019
expires in 90 days	whatsfresh.app - 1 entry

So landing is already removed.

PS: Use

certbot certificates

to see your current certificates. Then

certbot delete [certificatename]

so the not longer used certificate with landing isn't renewed.

2 Likes

I think I understand. I ran the commands certbot certificates and certbot delete whatsfresh.app as you suggested. I can see that the last certificate containing both names will expire in 20 days, and it sounds like it just will not renew at that point. The other certificate seems to be renewed (expires in 87 days)

Thanks so much!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.