Removed .pem file, can't renew with certbot

So l manually made the certificates for my domain a little over two months ago, and I managed to install the certificates, but now they’re getting close to their expiry date, so I wanted to renew them. I previously did not know this, but now I noticed that I require the .pem file to be present in the archive folder in order to renew. I thought that since I’ll renew the certificate, the files are going to be replaced anyway, so I removed them… (yes, I know, I’m an idiot)
Is there anything I could do to retrieve the .pem files from the domain/web host, or an alternate way to renew the certificate?
I’m guessing I’d have to revoke the certificate, and create a new one.

Thanks in advance!

Hi @jpopfantasia,

Revocation is almost never necessary. Let’s Encrypt is happy to issue independent overlapping certificates and does so routinely.

If one of the files you deleted was your private key (privkey.pem), there’s no way to recover it because that is the only copy of that key in existence.

If you did upload all of these to the web host via a control panel or something, then the web host probably does still have copies, but reconstructing the Certbot lineages in /etc/letsencrypt might be a bit of work. Deleting them entirely and starting over is probably simpler and is unlikely to damage anything, though you should be aware whether anything on your system (like a web server?) is configured to point at specific files in /etc/letsencrypt/live that may then be deleted. If you do delete things manually, be sure to delete the directories associated with your old certificate from /etc/letsencrypt/renewal, /etc/letsencrypt/live, and /etc/letsencrypt/archive.

Currently, I think the only thing that Certbot uses the PEM files for is to find the list of domains (in cert.pem) in order to request a new certificate for the same domains. Despite that, there’s no way to override this behavior and renew without these files, even if you know what the domains should be.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.