Reissue outdated certificate

Good day!

I have some certificates which I think were accidentally lost like a year ago. Today I found out I got them in a USB memory.

How can I reissue them? Is it possible to do that with all that time passed? Do I have to issue them like brand new?

I would really appreciate any help on this matter.

My domain is alemany.io

I use a Ubuntu 18.06 VPS with a LEMP stack in Digital Ocean.

Cerbot version is 0.28.0.

Thanks in advance.

Warm regards.

Hi @alainalemany,

The issuance process generally doesn’t require access to, or use of, older certificates. Your control over the domain gets re-validated by the certificate authority. (However, Certbot uses the old certificate to keep track of what domains it should request in a new certificate, so if the old certificate was deleted from the server, Certbot won’t automatically know what to request for renewals.)

What happens if you run certbot certificates or certbot renew on this VPS?

Thanks for your response @schoen

Here’s some inputs:

ls /etc/letsencrypt/
archive  cli.ini  live  renewal-hooks

Another:

ls /etc/letsencrypt/archive/alemany.io/
cert.pem  chain.pem  fullchain.pem  privkey.pem

Another:

ls /etc/letsencrypt/live/alemany.io/
cert.pem  chain.pem  fullchain.pem  privkey.pem

Another:

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Last one:

certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

No renewals were attempted.
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I really appreciate your help.

Thanks.

This looks like an incomplete backup because it’s missing the important /etc/letsencrypt/renewal and /etc/letsencrypt/accounts directories.

Do you have a web server that’s pointed at certificates /etc/letsencrypt/live? If not, I’d suggest backing up all of /etc/letsencrypt, deleting it, and then starting from scratch.

Thanks again for your answer @schoen

I was able to log into my old server and found out I still got /etc/letsencrypt/. I copied the entire directory to my new server, and when I ran certbot certificates, this is what I got:

root@myserver:# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/alemany.io.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/alemany.io.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Is that fixable? How can I overcome this? I really need this domain certificate up and running :cold_sweat:

Million thanks in advance.

Warm regards.

Sorry the doble post, but I found out /etc/letsencrypt/renewal/alemany.io.conf it’s empty, I have no idea why. What should I put inside to make this work?

Thanks in advance.

Is it empty on the old server? How did you copy the directory over?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.