Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I am the new Director of IT here at galco and our records show this domain is expiring in Jan 2024. I need to log in and manage this certificate, arrange for renewal, etc.
I really dislike putting this request on a public forum.
There's nothing to "log in" to; everything is managed through software (called an ACME client) which is probably already installed somewhere on your systems, and which automatically requests certificates from Let's Encrypt as needed.
No, it will teach you how Let's Encrypt works. If you know how Let's Encrypt works, you should be able to ask the correct questions. Because currently you're not asking the right questions, probably due to a lack of information/understanding. Thus Peter provided a documentation article where you can learn more about what Let's Encrypt is and how it works.
There's an important distinction being glossed over here. If the domain is expiring, that's a matter for your domain registrar, and has nothing to do with Let's Encrypt. If instead your certificate is expiring, that's perfectly normal--certs from Let's Encrypt are valid for 90 days, and are ordinarily renewed automatically after 60 days (i.e., 30 days before expiration). This means that a cert expiring in January 2024 isn't a reason to take any action.
In all likelihood, whatever process obtained the certs in the first place is already configured to renew them at the appropriate time. But it would be worth your time to determine what that process is. None of us have any way of determining this; it would be handled by software on your end.
Let me try again. I inherited a mess; it's frustrating beyond belief. The ONLY documentation that I have for those domains is they have a certificate from Let's Encrypt that expires in Jan. Literally that is all I know.
I understand that this ACME is all automated. Based on my understanding and lack of knowledge about this service, how do I start unraveling this ball of string? From what I am reading, it sounds like I need to go to our server that is hosting the domains and see if there is some sort of certbot or whatever that is communicating with Let's Encrypt? I am trying to determine the process.
Pretty much. Which OS and web server are they running? If it's a Unix-y OS (e.g., Linux), and a mainstream web server like Apache or Nginx, check the config files to find where the certs are stored in the filesystem; that in itself will give you a clue of what software's being used to manage them. If it's Linux or something similar, you can also try running certbot certificates at the command line and see what it tells you.
If you're running on a different OS, like Windows, it's pretty likely your system is using something other than certbot.
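The config-file check described in the reply above can be scripted. This is an added example, not part of the original thread: it pulls certificate paths out of nginx and Apache configs and guesses the managing client from the path. The path-to-client mapping is a heuristic based on common default locations, and the sample configs and host names are constructed.

```shell
# Added example: inventory certificate paths in web server configs and
# guess which ACME client manages them. Path patterns are heuristics.

# Print each certificate path named by an nginx "ssl_certificate" or
# Apache "SSLCertificateFile" directive in the given config files.
cert_paths() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "ssl_certificate" || $1 == "SSLCertificateFile" {
            p = $2
            sub(/;$/, "", p)                     # nginx ends directives with ;
            gsub(/"/, "", p)                     # Apache paths may be quoted
            print p
        }' "$@" | sort -u
}

# Map a certificate path to the client that conventionally writes there.
guess_client() {
    case "$1" in
        /etc/letsencrypt/live/*) echo "certbot" ;;
        */.acme.sh/*)            echo "acme.sh" ;;
        *dehydrated*)            echo "dehydrated" ;;
        *)                       echo "unknown" ;;
    esac
}

# Report "path<TAB>client" for each certificate found.
inventory() {
    cert_paths "$@" | while IFS= read -r path; do
        printf '%s\t%s\n' "$path" "$(guess_client "$path")"
    done
}

# Constructed sample configs (hypothetical host names), so this runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nginx.conf" <<'EOF'
server {
    server_name www.example.com;
    ssl_certificate     /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
    # ssl_certificate /etc/ssl/old/expired.pem;
}
EOF
cat > "$demo_dir/apache.conf" <<'EOF'
<VirtualHost *:443>
    SSLCertificateFile "/root/.acme.sh/shop.example.com/fullchain.cer"
</VirtualHost>
EOF
inventory "$demo_dir/nginx.conf" "$demo_dir/apache.conf"
```

On a real host, pass the actual config files (for example everything under the nginx or Apache config directory) to `inventory`; an "unknown" result means the certificate lives somewhere these patterns do not cover and needs a manual look.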
In fact, that's a better place to start given what I see.
Your DNS for motorsandcontrol.com looks to be proxied there, so it is using the Cloudflare CDN. This is the system (and cert) that typical clients (browsers) will connect to. The CDN makes a second connection to your origin server. You have various options for this connection, maybe even using Cloudflare's Origin CA cert.
As for the backend subdomain of that, I don't see any DNS A record at all, so not sure how that comes into play.
Lots of great docs at Cloudflare. Below is just one
Or any other ACME client. As said, there are many, MANY ACME clients out there. You can find a non-exhaustive list of ACME clients in the Let's Encrypt documentation. But Certbot is one that's commonly used. To make it more difficult: some webservers have optional built-in ACME clients (like Apache with mod_md), while other webservers like Caddy come with built-in ACME clients that are enabled by default.
Once you've educated yourself with the information provided by Peter, yes. I'm a great proponent of autodidacticism. Usually autodidacticism works way better than asking a stream of questions without actually understanding the matter at hand. With the right information, questions can be asked in a more directed way instead of quite generically, which improves the quality of, well, everything.
Whatever accounts your company had set up through previous employees could be considered irrelevant and you could start from scratch. There is probably automated software already on your system to do all of this though, and no need to do anything -- unless you no longer trust the former employees. In that case, you should rotate all the credentials and issue new certificates.
Let's Encrypt is a free service. On your server, you run a free client (such as Certbot) that can create a new account, perform challenges that prove your server is authorized for your domains, and download an SSL certificate.
Aside from being connected to your domain(s), the accounts are largely anonymous - the email address is only used for notification of un-renewed certificates, and the login credentials are a unique RSA key pairing that you (or your software) generates.
In your case, your domains are registered through, and hosted on, the Cloudflare network. Most likely Cloudflare is handling the entire SSL certificate process for you to encrypt traffic between their network and the public internet. It is possible, but very rare, to upload certificates onto Cloudflare.
If your predecessor set things up correctly, they did one of three things to encrypt traffic between your origin (your server) and the Cloudflare network:
1- There is a system in place to generate publicly trusted SSL certificates for your domains
2- You are using self-signed certificates to encrypt this traffic
3- You are using Cloudflare's long-lasting origin certificates