I manage a name based hosting site.
We have 500 domain names with the same IP.
My best guess as of 11/17/2020 4:30 PM
A domain that I thought was revoked has become a problem. The letsencrypt revoke procedure showed that it was revoked successfully. The output is at the end of this post under ====
The domain has the old .pem files under /etc/letsencrypt/live/drfrankmartincir/
There currently are no files under /etc/letsencrypt/renewal/ for the domain name; however, I do not know if the renewal procedure (I use the plain vanilla Letsencrypt script)
I start and stop apache whenever I need to add or delete new Domains. The server gets restarted for some Ubuntu updates
For some reason Apache refused to start until the /etc/apache2/sites-enabled/drfrankmartincir-le-ssl.conf was restored from a prior backup
All my other sites and certs are behaving normally.
Why does Apache want an entry in /etc/apache2/sites-enabled/ for a certificate I revoked?
What can I do about it? I can manually edit any of the files I need to
why do you revoke the certificate if the private key is save? That's always wrong. Let it expire, that's all.
Revoking a certificate doesn't change any config file. If you restore an older config file that use the revoked certificate, the result is expected. Disable that site.
Thanks for the reply! When we drop a site, we drop the DNS entries as well. We no longer control the name.
see my prior post Renew fails no valid ip address
But you’re correct that the Subscriber Agreement requires that you revoke the certificate if you no longer control the domain. It’s in sections 3.2 and 3.7 (and possibly others).
I believe I have found the source of my problem. When I revoke the cert, in this case it did not delete the apache file /etc/apache2/sites-enabled/drfrankmartincir-le-ssl.conf. (it was really mixed case
DrFrankMartinCIR-le-ssl.conf)
In order for apache to start, it wanted to see the .pem files.
So if I delete the apache files for the domain
and the files
/etc/letsencrypt/live/drfrankmartincir.com
/etc/letsencrypt/archive/drfrankmartincir.com, do you think I will be okay?