Revoking my certs


#1

Hey everyone, my name is Justin. I’m a 17-year-old high school student working on a startup.
Ok, so I really screwed up. I’ve been running a webserver on AWS for like a week now. So far, the web app is coming along great. I decided instead of coding the app this weekend, I’d just optimize the server, install an SSL cert and do some administrative work for the company. I didn’t realize how hard it would be to install an SSL cert on AMI Linux. I screwed up like 15 times, I kept deleting and re-running the auto install script, almost each time following a different tut. Anyways, now I just completely got rid of the instance, and decided to start a new one.

Here’s the thing now. I didn’t realize I had to revoke each certificate manually before I deleted them. Now my question is, is there any way Let’s Encrypt can just revoke all cert(s) for my domain? Or is my understanding still off? Do I need to revoke the cert(s) at all?

Also, what OS has the most support for Let’s Encrypt?


#2

I believe the LE guys use Ubuntu primarily.

You don’t have to revoke. Just let them expire. They’re only good for 90 days anyway.

No, I don’t believe LE can or would simply revoke them for you.


#3

Remember there are limits of 5 certs / domain / 7 days … you may have already hit those limits. Best to use the testing server to start with (which hasn’t got the same limits).


#4

As serverco said, there is a limit of 5 certs/domain per 7 days. So it could not be possible to issue 15 certs in one week. And since nobody has your private key, the certificates are not compromised and cannot be misused.
With crt.sh you can check how many you really created.
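
The crt.sh check suggested in the post above, as an added example that is not part of the thread: it counts unique certificates per issuer from crt.sh's JSON output and finds the busiest 7-day window. The sample rows are constructed, `example.com` stands in for the real domain, and `not_before` is assumed to approximate the issuance time.

```python
import json
from datetime import datetime, timedelta

LE = "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
# Constructed sample shaped like crt.sh's JSON output (?q=example.com&output=json).
# Serials, ids and dates are made up for illustration.
SAMPLE = json.dumps([
    {"id": 1, "issuer_name": LE, "serial_number": "03aa01", "not_before": "2016-03-05T09:00:00"},
    # Same serial again: crt.sh can list a certificate more than once
    # (for example a precertificate and the final certificate).
    {"id": 2, "issuer_name": LE, "serial_number": "03aa01", "not_before": "2016-03-05T09:00:00"},
    {"id": 3, "issuer_name": LE, "serial_number": "03aa02", "not_before": "2016-03-05T13:30:00"},
    {"id": 4, "issuer_name": LE, "serial_number": "03aa03", "not_before": "2016-03-06T08:15:00"},
    {"id": 5, "issuer_name": "C=US, O=Amazon, OU=Server CA 1B, CN=Amazon",
     "serial_number": "0bb001", "not_before": "2016-03-06T18:00:00"},
    {"id": 6, "issuer_name": LE, "serial_number": "03aa04", "not_before": "2016-03-14T10:00:00"},
])

def issued_certs(crtsh_json, issuer_substr="Let's Encrypt"):
    """Return sorted start times, one per unique (issuer, serial) pair."""
    seen = {}
    for row in json.loads(crtsh_json):
        if issuer_substr not in row["issuer_name"]:
            continue
        key = (row["issuer_name"], row["serial_number"].lower())
        # Assumption: not_before is close enough to the issuance time.
        seen[key] = datetime.fromisoformat(row["not_before"])
    return sorted(seen.values())

def max_in_window(times, days=7):
    """Largest number of certificates starting within any `days`-long window."""
    best = start = 0
    window = timedelta(days=days)
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1  # drop entries that fell out of the window
        best = max(best, end - start + 1)
    return best

if __name__ == "__main__":
    times = issued_certs(SAMPLE)
    print(f"{len(times)} unique Let's Encrypt certs, "
          f"at most {max_in_window(times)} in any 7-day window")
```

To run it against real data, save the JSON that crt.sh returns for the domain and pass its text to `issued_certs` in place of `SAMPLE`.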


#5

Will it be an issue if I have multiple certs for the same domain?

-EDIT: Also, I didn’t do it exactly 15 times, I was just estimating. In reality, it was probably more like 4-5.


#6

@JustinCS, having multiple certs for the same domain is fine; neither Let’s Encrypt nor the browsers will give you a problem with that, except for Let’s Encrypt’s rate limit on issuance.

If you have users who use a browser extension like Cert Patrol and have previously visited the site, they’ll see a warning about the new cert (but very, very few users use these tools, and they’ll also see warnings when other sites that use Let’s Encrypt naturally change certs over time).


#7

Thanks a lot for the help guys, I really appreciate it. Unfortunately, I just installed a cert with Amazon today. Maybe I will use Let’s Encrypt in the future. Thanks again.