Recover Cert Information

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: galco.com which owns motorsandcontrol.com & backend.motorsandcontrol.com

I am the new Director of IT here at galco and our records show this domain is expiring in Jan 2024. I need to login and manage this certificate, arrange for renewal, etc....

I really dislike putting this request on a public forum

There's nothing to "login" to, everything is managed through software (called an ACME Client) which is probably already installed somewhere on your systems, which automatically requests certificates from Let's Encrypt as needed.

7 Likes

Your IT department should have all the information regarding certificate management.

1 Like

Yes it should but it does not. I am the IT department and we do not have any information on anything provided by letsencrypt

Perhaps I do not understand, will this allow me to find our certificate? How will it authenticate me as an admin for that certificate?

Let's Encrypt doesn't provide anything, except certificates. It's an automated service using an API.

3 Likes

Our level of expertise differs; yours is deeper. I just want some help figuring out what we have, what it costs, and how to renew our certificates.

No, it will teach you how Let's Encrypt works. If you know how Let's Encrypt works, you should be capable to ask the correct questions :slight_smile: Because currently you're not asking the right questions, probably due to a lack of information/understanding. Thus Peter provided a documentation article where you can learn more about what Let's Encrypt is and how it works.

1 Like

There are MANY different softwares capable of getting a Let's Encrypt certificate, so it's impossible for us to know what you have.

Let's Encrypt certificates are free of charge.

See my first answer in this post: it's impossible for us to know, due to the multitude of possibilities to get a certificate.

2 Likes

Nobody here knows what you have.

Let's Encrypt certificates are free to obtain and use. (Though donations are always appreciated.)

Whatever ACME client software you have installed should be handling that automatically.

5 Likes

There's an important distinction being glossed over here. If the domain is expiring, that's a matter for your domain registrar, and has nothing to do with Let's Encrypt. If instead your certificate is expiring, that's perfectly normal--certs from Let's Encrypt are valid for 90 days, and are ordinarily renewed automatically after 60 days (i.e., 30 days before expiration). This means that a cert expiring in January 2024 isn't a reason to take any action.

In all likelihood, whatever process obtained the certs in the first place is already configured to renew them at the appropriate time. But it would be worth your time to determine what that process is. None of us have any way of determining this; it would be handled by software on your end.

6 Likes

Let me try again. I inherited a mess; it's frustrating beyond belief. The ONLY documentation that I have for those domains is that they have a certificate from letsencrypt that expires in Jan. Literally that is all I know.

I understand that this acme is all automated. Based on my understanding and lack of knowledge about this service, how do I start unraveling this ball of string? From what I am reading, it sounds like I need to go to our server that is hosting the domains and see if there is some sort of certbot or whatever that is communicating with letsencrypt? I am trying to determine the process.

1 Like

Pretty much. Which OS and web server are they running? If it's a Unix-y OS (e.g., Linux), and a mainstream web server like Apache or Nginx, check the config files to find where the certs are stored in the filesystem; that in itself will give you a clue of what software's being used to manage them. If it's Linux or something similar, you can also try running certbot certificates at the command line and see what it tells you.

If you're running on a different OS, like Windows, it's pretty likely your system is using something other than certbot.

6 Likes
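Added example, not part of the thread: the config check suggested in the reply above, as a shell script that lists the certificate files referenced by Nginx or Apache configs and guesses the ACME client from each path. The function names, the path-to-client mapping (default or commonly packaged storage locations, so only a hint) and the sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find certificate files referenced by
# Nginx/Apache configs and guess which ACME client manages each one.

# Print the path of every active ssl_certificate / SSLCertificateFile
# directive under the given config directories (key files and commented-out
# lines are skipped; paths containing spaces are not handled).
find_cert_paths() {
    grep -rihE '^[[:space:]]*(ssl_certificate|SSLCertificateFile)[[:space:]]' "$@" 2>/dev/null |
        awk '{ gsub(/[;"]/, "", $2); print $2 }' | sort -u
}

# Map a certificate path to the client that uses that storage layout.
# These are default or commonly packaged locations, so treat a match as a hint.
guess_client() {
    case "$1" in
        /etc/letsencrypt/live/*|/etc/letsencrypt/archive/*) echo "certbot" ;;
        */.acme.sh/*) echo "acme.sh" ;;
        /var/lib/dehydrated/*|/etc/dehydrated/*) echo "dehydrated" ;;
        *) echo "unknown" ;;
    esac
}

# One "client<TAB>path" line per certificate found.
report() {
    find_cert_paths "$@" | while IFS= read -r path; do
        printf '%s\t%s\n' "$(guess_client "$path")" "$path"
    done
}

# Constructed sample configs, so the script can be tried without a web server.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'server {' \
        '    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;' \
        '    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;' \
        '    # ssl_certificate /old/cert.pem;' '}' > "$d/nginx-site.conf"
    printf '%s\n' '<VirtualHost *:443>' \
        '    SSLCertificateFile "/srv/tls/example.org.crt"' \
        '    SSLCertificateKeyFile /srv/tls/example.org.key' \
        '</VirtualHost>' > "$d/apache-vhost.conf"
    report "$d"
    rm -rf "$d"
}

# Usage: sh find-certs.sh /etc/nginx /etc/apache2   (no arguments runs the demo)
if [ "$#" -gt 0 ]; then report "$@"; else demo; fi
```

An "unknown" result means the path matches none of the listed layouts; that is also what a Cloudflare origin certificate or a self-signed certificate stored in a custom location would show.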

Thank you very much. These are things I can do to figure this out; appreciate you.

1 Like

I should be capable enough to ask the right questions? What a thing to say.

You should also visit https://cloudflare.com community

In fact, that's a better place to start given what I see.

Your DNS for motorsandcontrol.com looks to be proxied there so is using the Cloudflare CDN. This is the system (and cert) that typical clients (browsers) will connect to. The CDN makes a second connection to your origin server. You have various options for this connection, maybe even using Cloudflare's Origin CA cert.

As for the backend subdomain of that, I don't see any DNS A record at all, so not sure how that comes into play.

Lots of great docs at Cloudflare. Below is just one

Here's an SSL Labs report from 1 of the 6 DNS A/AAAA records for your origin server
https://www.ssllabs.com/ssltest/analyze.html?d=motorsandcontrol.com&s=2606%3A4700%3A10%3A0%3A0%3A0%3A6816%3A128c&hideResults=on&latest

6 Likes

Or any other ACME client. As said, there are many, MANY ACME clients out there. You can find a non-exhaustive list of ACME clients in the Let's Encrypt documentation. But Certbot is one that's commonly used. To make it more difficult: some webservers have optionally built-in ACME clients (like Apache with mod_md) while other webservers like Caddy come with built-in and enabled ACME clients by default.

Once you've educated yourself with the information provided by Peter, yes. I'm a great proponent of autodidacticism. Usually autodidacticism works way better than to ask a stream of questions without actually understanding the matter at hand :slight_smile: With the right information, questions can be asked more directed instead of quite generically, which improves the quality of, well, everything.

2 Likes

Let me explain things differently:

Whatever accounts your company had set up through previous employees could be considered irrelevant and you could start from scratch. There is probably automated software already on your system to do all of this though, and no need to do anything -- unless you no longer trust the former employees. In that case, you should rotate all the credentials and issue new certificates.

LetsEncrypt is a free service. On your server, you run a free client (such as Certbot) that can create a new account, perform challenges that prove your server is authorized for your domains, and download an SSL Certificate.

Aside from being connected to your domain(s), the accounts are largely anonymous - the email address is only used for notification of un-renewed certificates, and the login credentials are a unique RSA key pairing that you (or your software) generates.

In your case, your domains are registered through, and hosted on, the Cloudflare network. Most likely Cloudflare is handling the entire SSL certificate process for you to encrypt traffic between their network and the public internet. It is possible, but very rare, to upload certificates onto Cloudflare.

If your predecessor set things up correctly, they did one of three things to encrypt traffic between your origin (your server) and the Cloudflare network:

1- There is a system in place to generate publicly trusted SSL certificates for your domains
2- You are using self-signed certificates to encrypt this traffic
3- You are using Cloudflare's long-lasting origin certificates

You can read more about this here: Origin CA certificates · Cloudflare SSL/TLS docs

8 Likes

Thank you very much for actually taking the time as a leader by giving me a helping hand.

1 Like

Believe whatever you want; be nice, though. There are enough people who are not.