Questions about Renewing before TLS-ALPN-01 Revocations

James, I'm still seeing the same problem, LE is refusing to let me renew these domains. As of today, all of my certs are revoked, but I cannot generate new ones. What can I do to clear out these (apparently) pending requests?

From the responses I'm receiving, it looks like I'm on hold until the end of next month. It would be helpful to get this cleared up sooner than that.

Cheers

It looks like you are using another ACME provider. You cannot get a Let’s Encrypt certificate using that API URL.

3 Likes

OH! You are so boss.

I just figured this out and was returning to explain. I think it's a new feature of the tool I'm using. It used to default to LE.

Thanks a million for replying. To be honest, I was sweating a little over this.

2 Likes

Yes, some ACME clients have switched their default ACME API to ZeroSSL. Most still support Let’s Encrypt and have documentation to configure Let’s Encrypt. You can search the forums and then open a thread in Help if you need some additional support getting your configs back to Let’s Encrypt.

2 Likes

Just adding info about Caddy on Docker. The following works for me:

  • Stop the caddy docker
  • Pull the latest image: docker pull caddy:latest
  • Delete your data/caddy/certificates directory
  • Restart your caddy docker

👍 All domain SSL served by Caddy is back to normal

LettuceEncrypt - Lettuce Encrypt (making sure you can find this)

ASP.NET on Ubuntu, do the following:

  1. cd ~/.dotnet/corefx/cryptography
  2. mv x509stores x509stores_old
  3. systemctl restart app_asp_net

LettuceEncrypt should issue a new certificate and everything should be ok. Thank you Gabriel, you are a life saver.

I shouldn't be affected because when I ran the ssl test it detects the certificates but when I type my domain it's impossible to access it...
Please help me solve the issue
domain : pourboir.com
IP: 15.188.179.71
I am using this setup with lightsail

I am clueless about what to do to fix it
Any help is more than welcome
Thanks all

2 Likes

I was just notified a website I had running has certs that are now revoked as well. Completely new to this. Using Lightsail and I ran certbot to renew the certificates. I renewed and restarted the server but it's still showing the err:cert_revoked issue.

What do I do to fix this? Thank you.

EDIT:
I first revoked manually at: Learn about the Bitnami HTTPS Configuration Tool

then I used certbot delete to delete the existing certificate

I then went to Generate and configure a Let's Encrypt certificate and followed the instructions (though modified nginx to apache2 since I don't use nginx) and did not use the mattermost portion of the ln command and voilà, the website is back. I went and proceeded to set up the auto 90 day script.

This was frustrating... but 2 hours used to learn something new. Hope this helps whoever is struggling.

1 Like

What do we do if we haven't renewed in time? The alert occurred on a plumb holiday here and didn't give us enough time. We are running sites on AWS Lightsail and when we issue the sudo lego -tls renew command it just does nothing.

Also, some certificates haven't expired so we are getting errors saying it's too soon to renew.

1 Like

If your certificate is affected by this incident, it has already been revoked.

2 Likes

Do you know if it takes hours or days for the SSL to get Revocation (SSL Server Test: www.tinsflowershop.com (Powered by Qualys SSL Labs)), as I did an update?

I don't understand. The test says it's revoked already, so no, it doesn't take hours or days to get revoked.

2 Likes

Hi LETSENCRYPT,
I have tried to trawl through all these responses but cannot see how to do what really should be simple, that is, reissue a new certificate for my domain jowett.org, which is now showing as revoked. I have tried renewing with '/opt/bitnami/letsencrypt/lego --tls .......' for the six domains on the server, jowett.org, jowett.net and jowettjupiter.com and their www. equivalents, but it always says it is up to date.
2022/01/30 16:07:22 [INFO] [jowett.org] acme: authorization already valid; skipping challenge
How do I force renewal?

Please include more details of the output of your attempt. With just that single line it's very hard if not impossible to debug.

Also, you seem to have issued two certificates today and a perfectly good cert from the 26th last Wednesday already: crt.sh | jowett.org

Please use one of those 🙂 No need to issue any more certificates, otherwise rate limits might come into effect.

3 Likes

Thanks for the response. OCSP still says jowett.org revoked although others on server are OK. What else needs doing?
OCSP Checker gives

Domain Name(s): jowett.org, jowettjupiter.com, www.jowett.org... more
OCSP URI: http://r3.o.lencr.org
Next Update: Feb 4 23:59:58 2022 GMT
This Update: Jan 29 00:00:00 2022 GMT
Cert Status: revoked
Produced At: Jan 29 00:09:00 2022 GMT
Response Type: Basic OCSP Response
OCSP Response Status: successful (0x0)
OpenSSL Command: openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=r3.o.lencr.org -url http://r3.o.lencr.org -text -CAfile ca.crt -no_nonce

Problem solved! The vhost file was pointing to the old certificate! Doh.

4 Likes

Thanks for your attention. I found the virtual host in Apache was pointing to the old certificate. Now fixed.

1 Like

I have tried to renew using the Bitnami HTTPS Configuration tool, which was successful, but my certificate is still showing revoked across Safari and Chrome. Any idea how to fix this issue? I did get the email about my domain as well. What else can I try? The certificate seems to be showing the old expiry date. I assume the server is being restarted with the tool, but tried manually generating the certificate as well and still no luck. Please help. (danyasdecor.com)

1 Like

@bz2086
Check the date on the actual cert being served.
If new date, then clear your cache or reboot your client.
If still old date, then restart Bitnami (or your server).

SSL Labs shows that it is still serving the old (REVOKED) cert:

1 Like
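
The check suggested above (compare the certificate the server actually presents with the renewed file on disk, which is also what the stale Apache vhost case earlier in the thread came down to), written out as an added example that is not part of any post here. The function names, the example.test host and the throwaway self-signed demo certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is the server presenting the renewed certificate or a stale one?
# Function names are hypothetical; only standard openssl subcommands are used.

# Print the leaf certificate HOST presents (SNI set) as PEM. Needs network access.
fetch_served_cert() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# SHA-256 fingerprint of a PEM certificate file; empty output if it cannot be parsed.
cert_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 -in "$1" 2>/dev/null | cut -d= -f2
}

# Serial number and validity window, to tell an old certificate from a new one.
cert_summary() {
  openssl x509 -noout -serial -startdate -enddate -in "$1" 2>/dev/null | tr '\n' ' '
}

# compare_certs SERVED.pem ONDISK.pem
# 0 = same certificate, 1 = server presents a different (stale) one, 2 = unreadable input.
compare_certs() {
  served_fp=$(cert_fingerprint "$1")
  disk_fp=$(cert_fingerprint "$2")
  if [ -z "$served_fp" ] || [ -z "$disk_fp" ]; then
    echo "cannot parse certificate input" >&2
    return 2
  fi
  if [ "$served_fp" = "$disk_fp" ]; then
    echo "OK: server presents the on-disk certificate"
    return 0
  fi
  echo "MISMATCH: check the vhost/config path, then restart or reload the server"
  echo "  served:  $(cert_summary "$1")"
  echo "  on disk: $(cert_summary "$2")"
  return 1
}

# Constructed sample input: a throwaway self-signed certificate for offline testing.
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

# Real use: sh check.sh example.test /path/to/renewed/fullchain.pem
if [ "$#" -eq 2 ]; then
  served=$(mktemp)
  fetch_served_cert "$1" > "$served"
  compare_certs "$served" "$2"
fi
```

A mismatch after a successful renewal means the web server is still loading the old file, either because its configuration points at a different path or because it has not been reloaded since the new certificate was written.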

Thanks! It is showing the old certificate date. I rebooted the server and same thing. Is there a way to completely remove the old certificate and then restart from scratch? Or any other things I can try to get it updated?

1 Like