Reset or delete my certificates from the system


#1

Hi! I am new here. I have one server with Windows Server 2008 and IIS 6.

I have tested the certification system. I used “Certify the web” client application.

When i modified the iis settings and testing the certification, i reached the free 5 certification limit.

I found the right settings in my server, so i want reset the certifications.

My url: kossuth.saujhely.sulinet.hu

Can i delete or reset all certicifications in lets encrypt system and set one right certification again?

What can i do?

And in windows server 2008, where can i delete the certifications? Currently i have 2 certfications in system, but because i am reached the limit, none of them work.

Thanks for help, Mike.


#2

Hi @Mikeee,

Deleting or revoking certificates does not affect the rate limits in any way. There’s no way to reset it.

The rate limit that you hit is the Duplicate Certificate limit.

So, if you request a certificate that covers an additional name, you can issue it without waiting a week.


#3

Please note IIS 6 does not support SNI.
If you are going to serve multiple sites from a single IP, you will need to first update the IIS to support SNI (version 8 or greater).


#4

Or have one certificate valid for all the websites.


#5

They may “solve” the cert problem.
But unless all the sites will serve the exact same content, you will need SNI - and IIS 6 can’t do that.


#6

@rg305 Are you sure? (I’m not an IIS expert)
but usually, when a webserver doesn’t support SNI, having one certificate valid for all domains solve the problem, as the server will look for the Host header, which will be correct. Just like if the website were accessed using plain http. Or I am missing something?


#7

@tdelmas is right about this. Web servers are able to switch on the HTTP Host header, just like they would with HTTP virtual hosting in the absence of HTTPS.


#8

My recollection may be a bit fuzzy.
It has been quite some time since I’ve used IIS without SNI.
I guess the true test is to test it with one SAN cert.
Bind all sites with the same cert and cross your fingers - lol


#9

In case all else fails, I would consider adding an additional proxy to the Windows Server and use that for SNI. Allowing it to connect to the IIS sites via unique internal IPs.

NGINX and Apache (both for Windows) can do the job easily.


#10

Hi. I can delete the certificates from my server but i have this error message:

The Let’s Encrypt service did not issue a valid certificate in the time allowed. Failed to get new certificate from LetsEncrypt :: Unexpected error
+Response from server:
+ Code: 429
+ Content: {
“type”: “urn:acme:error:rateLimited”,
“detail”: “Error creating new cert :: too many certificates already issued for exact set of domains: kossuth-saujhely.sulinet.hu: see https://letsencrypt.org/docs/rate-limits/”,
“status”: 429
}

What can i do?

ps: i have iis 7 with srv 2008


#11

Hi @Mikeee

you have created 6 active certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:kossuth-saujhely.sulinet.hu&lu=cert_search

Five yesterday, one today. So you are hitting the certificates-per-domain - limit. Wait one week. And if you need certificates, don’t delete active certificates.

You should use the test system, not the productive system.


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.