Recover a deleted certificate

I would like to recover a certificate that I revoked (I believe I revoked it, but it’s not marked as revoked on crt.sh).

I used “certbot delete” to revoke my certificate. But it was a mistake, I shouldn’t have done that …
Now I want to have it back!

When I check on crt.sh, I see 3 records (1 leaf certificate and 2 precertificates):


(sorry I can put only 1 picture as new user …)

On my server, I have in my /etc/letsencrypt:

The complete (I suppose) folders:
/accounts
cli.ini
/keys (10 keys .pem)
options-ssl-apache.conf
/csr (10 keys .pem)

My empty folders:
/renewal-hooks
/archive
/live
/renewal

When I reach my subdomain, I can reach my application.

Can I get my certificate for my domain back with the /csr and /keys folders? What is the process?
Or should I ask for a new certificate for my domain? The problem is that when I run this command "sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly", I get an error “DNS record already exist”. Nevertheless, when I go to https://mxtoolbox.com/SuperTool.aspx, my DNS record is not found …

Hi @farang1991

You can't. Revoking -> done.

Create a new certificate.

PS: Deleting a certificate isn't revoking a certificate. Read

and

That is a delete, not a revoke - they are different things.
But neither has an easy "undo" option.
If you have a backup of the LE folder, then you may still have the private key and can use that cert.
Otherwise, you will be forced to make a new one.

1 Like

Please show the names and dates of those files:
ls -l /etc/letsencrypt/keys/

Thanks @rg305, these are my keys:

Thanks @JuergenAuer, I will read that carefully.

The April 10 key corresponds to the date when you last issued a wildcard cert.
Perhaps that is the key for that public cert.
See: https://crt.sh/?q=*.laophenixconsulting.com

1 Like

Okay, I see @rg305, the key dated the 10th of April is the one that was used to issue my certificate … but what about the others? :thinking:

UPDATE: I tried to install a new certificate but when I run this command:
“sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-chalanges dns certonly”
I have this error: Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: argument -d/--domains/--domain: expected one argument

When I did that the first time, I didn’t have this error. Does someone know why?

Your opening statement was:

And you found the key for that cert.
What "others" ? ? ?

As for:

Your command uses two "strings":

You must ensure their contents are set correctly and are both in their expected formats.
[even an extra comma could throw off the parsing]

$Domain contains my domain name.
$WILDCARD contains my subdomain (*.domain_name).

In the certbot documentation, some commands contain two strings as well. And the first time I asked for a certificate, it was working.

You may need to wrap the wildcard; as it would appear as:
sudo certbot -d laoxxx.cm -d *.laoxxx.cm --manual …
and probably should be:
sudo certbot -d laoxxx.cm -d '*.laoxxx.cm' --manual …
So try it with:
sudo certbot -d $DOMAIN -d "$WILDCARD" --manual …

OMG
AND ALSO CHECK THE SPELLING
$WILCARD
$WILDCARD

OH FUCK! Yes, sorry, it was a wrong name … I checked several times but did not see it :frowning: Thanks

1 Like
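
The failure discussed in this thread, as an added example that is not part of any post: it shows what argument list certbot receives when a variable name is misspelled, single-quoted or double-quoted, plus a guard to run before the real command. The function names (`show_argv`, `check_domains` and the three demo functions) are hypothetical, `example.com` is a placeholder, and certbot itself is never called.

```shell
#!/bin/sh
# Constructed sample values; example.com is a placeholder, not the poster's domain.
DOMAIN='example.com'
WILDCARD='*.example.com'

# Print one argument per line, i.e. what certbot would see in its argv.
show_argv() { printf '%s\n' "$@"; }

# Misspelled name, unquoted: the empty expansion vanishes, so the second -d
# is followed directly by --manual ("expected one argument").
misspelled() ( set +u; unset WILCARD; show_argv -d $DOMAIN -d $WILCARD --manual )

# Single quotes: no expansion, certbot would get the literal text $WILDCARD.
single_quoted() { show_argv -d "$DOMAIN" -d '$WILDCARD' --manual; }

# Double quotes: the value is expanded and "*" is protected from globbing.
double_quoted() { show_argv -d "$DOMAIN" -d "$WILDCARD" --manual; }

# Guard to run before certbot: both values non-empty, wildcard is "*.<domain>".
check_domains() {
    domain=${1-}; wildcard=${2-}
    [ -n "$domain" ] || { echo "domain is empty" >&2; return 1; }
    [ -n "$wildcard" ] || { echo "wildcard is empty (misspelled variable?)" >&2; return 1; }
    [ "$wildcard" = "*.$domain" ] || { echo "wildcard is not *.$domain" >&2; return 1; }
}

# Demo: print the three argument lists, then show the guard catching the typo.
echo "misspelled:    $(misspelled | tr '\n' ' ')"
echo "single-quoted: $(single_quoted | tr '\n' ' ')"
echo "double-quoted: $(double_quoted | tr '\n' ' ')"
check_domains "$DOMAIN" "${WILCARD-}" || echo "refusing to call certbot"
```

Running the script with `set -u` at the top would also stop at the misspelled name with an "unbound variable" error instead of passing a shortened argument list to certbot.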
