Remove letsencrypt incorrect webmin certificate on copied server image

wdrussell · November 10, 2018, 11:24pm

Hi All,

I have created a test cloud server from an image of the live server.

The problem I have is how do I remove the live certificate from the test server and recreate it for the test server.

Wayne

rg305 · November 11, 2018, 3:50am

If they are going to be using the same FQDNs, then you are done: They both have a valid cert.
So, I suspect that you are not going to be using the same FQDN.
On the test server run:
certbot delete
which should prompt you in the right direction.

Osiris · November 11, 2018, 10:13am

You're asuming @wdrussell even uses certbot. However, @wdrussell should have provided us with much more information besides the 37 words he used right now.

wdrussell · November 12, 2018, 9:09am

Hi,

Yes I am using certbot but because the original image is used to create a test server- the dns of the test server is different (certificate (Invalid)).

So I assume I could replace the existing incorrect ssl certificate on the test server but not sure how to do that.

Any help would be very much appreciated.

If there is anything else you need to know please let me know.

Wayne

rg305 · November 12, 2018, 9:32am

You can use certbot to delete the current cert and also to issue it a new and properly named cert.

wdrussell · November 12, 2018, 10:48am

Hi,

I have used certbot to delete the original certificate from the test server.

In webmin “SSL Encryption” still points to the old server

Details of current certificate
Domain name dabd3e0.online-server.cloud Additional domains dabd3e0.online-server.cloud

with files /etc/webmin/letsencrypt-key.pem
/etc/webmin/letsencrypt-ca.pem

The test server is at http://f7781ae.online-server.cloud/

When I request new certificate in webmin I get:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for f7781ae.online-server.cloud
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: online-server.cloud: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.

Wayne

rg305 · November 12, 2018, 6:08pm

The domain online-server.cloud is not a recognized public domain; So it is subject to the normal domain rate limits (https://letsencrypt.org/docs/rate-limits/).

You could use a domain found in the PSL (https://publicsuffix.org/list/) [many of which are provided for free by DDNS services].

wdrussell · November 13, 2018, 10:38pm

Hi,

The issue may be related to the fact that /etc/webmin/letsencrypt-key.pem is already saved for the for the original server image and it is not deleted.

Wayne

wdrussell · November 14, 2018, 3:27pm

Hi,
The domain for the test server is f7781ae.online-server.cloud

$ ping f7781ae.online-server.cloud returns:

PING f7781ae.online-server.cloud (77.68.76.112) 56(84) bytes of data.
64 bytes from 77.68.76.112: icmp_seq=1 ttl=54 time=23.2 ms

I have setup the live server this way and that appears ok.

Wayne

wdrussell · November 15, 2018, 11:09pm

The request new certificate is now working on the test server.

system · December 15, 2018, 11:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.