Problem to revoke certificate


#1

Hello, good morning to the whole community.

I think I’ve had a rookie effect. The other day I registered a certificate for my website in my domain. It seems that everything worked fine but, making tests with the renewal process, I did not understand the process well and the fact is that I made too many requests to create certificates with the same domain.

Well, so as not to prolong the misfortune journey that I had to go through (because I do not have much knowledge of English either), I summarize what happens to me.

I thought that by erasing all my content from the server, re-platforming my linux and installing Wordpress to recover a copy, then I could reinstall the server certificates.

Well, I have the server stacked, Wordpress installed but I can not reinstall the certificates or how to revoke them since, from what I have read recently, you need to have installed the old certificates (which I no longer have).

Any proposal / solution?

Should I wait until they expire on their own?

I will appreciate any response.

Best regards.


#2

I would recommend this. Revocation is required only when the corresponding keys have been made public.


#3

The certificate doesn’t have to expire (=90 days), only the rate limit (=7 days).


#4

No, if the problem I have is that I have restarted the server, where the certificates were downloaded, and I can not download them again.


#5

If you tell us your domain name, we can check on the status of the limits.

Normally you can always get new certificates after waiting at most 7 days. Revocation does not change how long you have to wait, so you won’t be able to speed up the process by revoking the certificates.


#6

Hi. Thanks for your reply.

The domain is vllobet.cat and subdomain www.vllobet.cat

Should I understand that after 7 days I can make a new certificate request with the domain vllobet.cat and www.vllobet.cat?

Thank you.


#7

According to the information at https://crt.sh/?Identity=%vllobet.cat&iCAID=16418, you should be able to issue a new certificate on Thursday, March 8.

If you add a third subdomain to the request, you should be able to issue one immediately (because the new request won’t be considered identical to the old requests), but this might not be worth the trouble.
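The waiting rule described in replies #5 and #7, as an added example that is not part of the original posts: it works out when an identical set of names can be issued again, and shows that a request with an extra name is not counted as a duplicate. The limit of 5 identical certificates per 7-day window, the `example.com` names and the timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=7)  # rate-limit window mentioned in the thread
LIMIT = 5                   # assumed number of identical certificates per window


def next_allowed(issued, requested_names, now):
    """Earliest time a certificate for exactly `requested_names` may be issued.

    issued: iterable of (issuance_time, names) pairs, e.g. copied from a
    certificate transparency search. Only certificates whose name set is
    identical to the request count against the duplicate limit.
    """
    wanted = frozenset(n.lower() for n in requested_names)
    recent = sorted(
        ts for ts, names in issued
        if frozenset(n.lower() for n in names) == wanted and now - ts < WINDOW
    )
    if len(recent) < LIMIT:
        return now  # still under the limit, no waiting needed
    # Enough of the oldest entries must leave the window to get below LIMIT.
    return recent[len(recent) - LIMIT] + WINDOW


# Constructed sample data: five identical requests made while testing renewal.
UTC = timezone.utc
PAIR = ("example.com", "www.example.com")
ISSUED = [
    (datetime(2024, 1, 1, 10, 0, tzinfo=UTC), PAIR),
    (datetime(2024, 1, 1, 10, 20, tzinfo=UTC), PAIR),
    (datetime(2024, 1, 1, 11, 0, tzinfo=UTC), PAIR),
    (datetime(2024, 1, 2, 9, 0, tzinfo=UTC), PAIR),
    (datetime(2024, 1, 2, 9, 30, tzinfo=UTC), PAIR),
]
NOW = datetime(2024, 1, 3, 12, 0, tzinfo=UTC)

if __name__ == "__main__":
    same = next_allowed(ISSUED, PAIR, NOW)
    extra = next_allowed(ISSUED, PAIR + ("mail.example.com",), NOW)
    print("identical name set:", same.isoformat())
    print("with a third name: ", extra.isoformat())
```

Revoking the earlier certificates would not change either result, since the calculation depends only on issuance times.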


#8

I’m a mess. For more security, on the 9th should I be able to download the certificate I created earlier?

I am with a Linux server (Debian 8) and it would be advisable that I could execute the command: `./certbot-auto certonly --webroot -w /home/mydomain/wordpress/ -d mydomain.com -d www.mydomain.com`

Is that possible?


#9

You can download the certificate you created earlier at any time (for instance, via the crt.sh site that I linked to above), but you won’t be able to use it without the corresponding private key. The private key is a secret and the only copy of it would have been on your old server. If you deleted it, as far as we know nobody will ever be able to recreate it. Let’s Encrypt itself does not have a copy of the private key.

However, you can make a new certificate with domain name coverage that exactly matches the old certificate. This new certificate can be used for all purposes exactly the way that the old certificate was.

That looks fine. You could also try --apache if you’re using Apache or --nginx if you’re using nginx—this will also edit your web server configuration files to configure the web server to use the newly-issued certificate.

If you encounter any problems after March 8, please feel free to ask for help here.


#10

Thank you very much.

I will prove it and I will report to you how it has gone. Then, if I get it, the issue of renewals and the cron will come … that was the one that gave me problems and the cause of which I asked for 5 certificates thinking that I was renewing.

Best regards

