Reset everything

Hello,
maybe this is a strange question… but…

Is there a way to reset everything?

I have some domains with the corresponding https certificates…

I have installed those certificates over time… so some are with TLS validation and the more recent ones with HTTP-01…

Moreover, when I do

certbot renew

… some domains appear multiple times, as if they were associated with multiple certificates

so I have a strange “sensation” that something is not configured correctly (although the certificates work well… tested with https://www.ssllabs.com/ssltest)

so… is there a way to reset and cancel all certificates… and start again?

Yes and no. It may be a hassle. If you need to replace many certificates, doing so might exceed the rate limits. And if everything is deleted, the web server (or other servers) won't be able to restart.

Can you run "certbot certificates"? It lists the certificates Certbot is managing and what hostnames they include.

If it's necessary to clean things up, it might be easier to do it incrementally.

Also, what OS are you using? What web server? What Certbot commands did you use to create certificates?

Yes of course .. Debian 9 with Apache

The involved domains are relatively few... about 15 domains on this server... so manual work to delete and recreate them could be possible...

Yes, "certbot certificates" shows me that one domain is listed two times... (I replaced the real domain name with "example")

Certificate Name: duplicate.example.it
Domains: duplicate.example.it
Expiry Date: 2018-04-22 08:16:28+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/duplicate.example.it/fullchain.pem
Private Key Path: /etc/letsencrypt/live/duplicate.example.it/privkey.pem

Certificate Name: www.example2.it
Domains: www.example2.it duplicate.example.it ........
.......

"duplicate.example.it" has its own virtual host, but it is also listed in "www.example2.it"... (see above) ...this domain has some ServerAlias directives, but they do not include, of course, "duplicate.example.it"...

The certbot commands I've used... initially I got the certificates with certbot --apache, then... when the TLS validation was disabled, I used:

certbot-auto --authenticator webroot --webroot-path /var/www/path --installer apache -d www.mydomain.com

If that certificate is the only problem, you can just:

  • Check your Apache configuration, changing any references to “/etc/letsencrypt/live/duplicate.example.it/” to “/etc/letsencrypt/live/www.example2.it/”.

  • Run “certbot delete --cert-name www.example2.it”.

I’ve checked my Apache virtual host configuration files…
I have no cross references between duplicate.example.it and www.example2.it… in fact it is strange that in “certbot certificates” it is listed in two certificates:
Certificate Name: duplicate.example.it (it could be ok!)
and
Certificate Name: www.example2.it (it could be wrong!!)

Did it happen… maybe… because of the migration from TLS to HTTP-01?
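The overlap discussed in this thread can be found mechanically from the output of "certbot certificates". The script below is an added example, not part of the original posts: it parses that output and reports hostnames covered by more than one certificate, plus certificates whose hostnames are all covered by another one. The sample text is constructed from the placeholder names used above, and "solo.example.org" is a constructed name.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by `certbot certificates`,
# using the placeholder names from the thread plus one constructed name.
SAMPLE = """\
Found the following certs:
  Certificate Name: duplicate.example.it
    Domains: duplicate.example.it
    Certificate Path: /etc/letsencrypt/live/duplicate.example.it/fullchain.pem
  Certificate Name: www.example2.it
    Domains: www.example2.it duplicate.example.it
    Certificate Path: /etc/letsencrypt/live/www.example2.it/fullchain.pem
  Certificate Name: solo.example.org
    Domains: solo.example.org
    Certificate Path: /etc/letsencrypt/live/solo.example.org/fullchain.pem
"""

def parse_certificates(text):
    """Map each certificate name to the set of hostnames it covers."""
    certs, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        domains = re.match(r"\s*Domains:\s*(.+)", line)
        if name:
            current = name.group(1)
            certs[current] = set()
        elif domains and current:
            certs[current].update(d.lower() for d in domains.group(1).split())
    return certs

def overlapping_hostnames(certs):
    """Hostnames that appear in more than one certificate."""
    seen = defaultdict(list)
    for name, domains in certs.items():
        for host in domains:
            seen[host].append(name)
    return {h: sorted(n) for h, n in seen.items() if len(n) > 1}

def redundant_certificates(certs):
    """Certificates whose hostnames are a strict subset of another one's."""
    return sorted(a for a, da in certs.items()
                  if any(a != b and da < db for b, db in certs.items()))

if __name__ == "__main__":
    # On a real host, feed in the saved output of `certbot certificates`.
    certs = parse_certificates(SAMPLE)
    print("overlaps:", overlapping_hostnames(certs))
    print("fully covered by another certificate:", redundant_certificates(certs))
```

A certificate reported here is only a candidate for review: before deleting it, confirm that no Apache virtual host still points at its directory under /etc/letsencrypt/live/.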
