Revoking Domain Certificate of a dismantled unix server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: Unicomlive.in, nimbus.unicomlive.in, stratus.unicomlive.in

I ran this command: I could not run any command as servers are already dismantled

It produced this output:

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): No. As it is already destroyed

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Latest I guess

My Note: As the servers (total 3 for 3 domains as mentioned above) got dismantled, I couldn't run the command for revoking the certificates for the above domains. So if you could help in revoking them, it would be a great help.
Thanks
Shovan

2 Likes

The advice on https://letsencrypt.org/docs/revoking/#using-a-different-authorized-account is relevant to you. If you can run Certbot on an unrelated server, you can revoke those certificates via self-service. Provided that you can manually deploy some files or TXT records for your domains, that is.

I also created a web-based tool to do this here, but it largely involves the same steps.

3 Likes

You do not need to revoke the certificate unless the key is compromised and you believe that the certificate could be misused via the stolen key. Otherwise just let the certificate expire; there is nothing to do.

3 Likes

Thanks _az.
I was using your link to revoke the certificate, but I received the following error in the HTTP and Domain Challenges:
" An error occured

Unfortunately something went wrong during the process. Usually this is not recoverable - you will need to start from the beginning.

Error: Challenge is invalid (https://acme-v02.api.letsencrypt.org/acme/chall-v3/7679983472/WwN46g)"
Does it mean the certificate is no longer valid or already revoked?
Thanks
Shovan

1 Like

If you click onto the URL, you will see:

DNS problem: SERVFAIL looking up A for unicomlive.in - the domain's nameservers may be malfunctioning

I believe you have deleted your DNS zone from DigitalOcean DNS, because their nameservers currently respond with REFUSED for your domain.

So if you set up the DNS zone again in DigitalOcean DNS, then add the TXT records required for revocation, you should succeed.

2 Likes
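The diagnosis in the last reply (authoritative nameservers answering REFUSED, which resolvers then report as SERVFAIL) can be checked before retrying a DNS challenge. The following is an added example, not code from the thread or from Let's Encrypt: it asks a nameserver directly for the `_acme-challenge` TXT record and interprets the response code. The function names, the caller-supplied `ns_ip`, and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

# RCODE values from RFC 1035, section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPE_TXT = 16

def build_query(name, qtype=QTYPE_TXT, txid=0x1234):
    """Encode a one-question DNS query with recursion off (we ask the authority itself)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(packet):
    """Return (rcode name, authoritative-answer flag, answer count) from a DNS response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), bool(flags & 0x0400), ancount

def verdict(rcode, authoritative, ancount):
    """Translate a nameserver's answer into what it means for a DNS-01 attempt."""
    if rcode == "REFUSED":
        return "zone not hosted on this nameserver: recreate the DNS zone first"
    if rcode == "NOERROR" and authoritative and ancount > 0:
        return "TXT record is being served: validation can proceed"
    if rcode in ("NOERROR", "NXDOMAIN") and authoritative:
        return "zone is served but the TXT record is missing: add it"
    return f"unexpected answer ({rcode}): fix delegation before retrying"

def check_nameserver(ns_ip, domain, timeout=3.0):
    """Ask one authoritative nameserver (by IP) for _acme-challenge.<domain> TXT."""
    query = build_query(f"_acme-challenge.{domain}")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (ns_ip, 53))
        reply, _ = sock.recvfrom(4096)
    return verdict(*parse_header(reply))

# Constructed sample replies (headers only), not captured traffic
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)  # QR=1, RCODE=5
SAMPLE_SERVED = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)   # QR=1, AA=1, one answer

if __name__ == "__main__":
    print(verdict(*parse_header(SAMPLE_REFUSED)))
    print(verdict(*parse_header(SAMPLE_SERVED)))
```

Run `check_nameserver` against each nameserver the domain is delegated to; every one of them should report that the TXT record is being served before the challenge is retried.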
