Server deleted. Lost all keys. What do I do?


#1

I recently issued an SSL for my domain. The server was destroyed and all data lost. Now when I try to provision an SSL for the same domain on a new server it tells me it can’t authenticate and to go through the email. I never received any email when provisioning the SSL the first time. The error, I assume, means it’s already been used so it wants the same keys and whatnot. How can I recover my keys?


#2

Can you post the exact error message?


#3

Failed authorization procedure. xxx.co (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to xxx://xxx.co/.well-known/acme-challenge/dU06LGX1hVBMP2HBeGPueRIA9OS8lHAUWKww2DSOwzE, www.xxx.co (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 213 parts
IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through
    e-mails sent to xxx@gmail.com.

  • The following errors were reported by the server:

    Domain: xxx.co
    Type: urn:acme:error:connection
    Detail: Could not connect to xxx.xx/.well-known
    /acme-challenge/dU06LGX1hVBMP2HBeGPueRIA9OS8lHAUWKww2DSOwzE

  • The following errors were reported by the server:

    Domain: www.xxx.co
    Type: urn:acme:error:unauthorized
    Detail: Error parsing key authorization file: Invalid key
    authorization: 213 parts

  • Your account credentials have been saved in your Let’s Encrypt
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Let’s
    Encrypt so making regular backups of this folder is ideal.


#4

This is just an informational message. If you ever lose your account key and want to revoke a certificate, you’ll be able to do that via that email address.

The relevant bit is this:

Make sure your site can be accessed from the public internet and that a request to http://example.com/.well-known/acme-challenge/random_token succeeds and is not interfered with. To verify it’s working, try putting a file in that directory under a random file name, put some random characters in it, and then verify you’re getting exactly that content back via wget or curl.

If you can’t find the cause, please post the exact command you use and any log files in /var/log/letsencrypt as well.
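The check described in the post above, as an added example that is not part of the original thread: it writes a random file under the challenge path, fetches it back over HTTP, and compares the bytes exactly. The function names and the two local test servers are constructed for illustration; reading the "N parts" count in the error as the number of dot-separated pieces in the response body is an assumption.

```python
import functools, http.server, pathlib, secrets, tempfile, threading
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass

def classify_body(body):
    """Describe what an http-01 validator would make of a response body."""
    parts = body.decode("utf-8", "replace").strip().split(".")
    if len(parts) != 2:
        # Assumption: "N parts" in the CA error counts dot-separated pieces.
        return f"invalid: {len(parts)} parts (an HTML or error page was served?)"
    return "ok: token.thumbprint shape"

def probe_webroot(webroot, base_url):
    """Write a random file under the challenge path and fetch it back unchanged."""
    name = secrets.token_urlsafe(16)
    content = secrets.token_urlsafe(32).encode()
    target = pathlib.Path(webroot) / CHALLENGE_DIR / name
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(content)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(f"{base_url}/{CHALLENGE_DIR}/{name}", timeout=5) as resp:
            return resp.read() == content
    except OSError:  # refused connection, timeout, 404 and other HTTP errors
        return False
    finally:
        target.unlink()

def demo():
    """Constructed setup: one server serves the probed webroot, one serves another."""
    results = []
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as other:
        for served in (good, other):
            handler = functools.partial(QuietHandler, directory=served)
            srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            results.append(probe_webroot(good, f"http://127.0.0.1:{srv.server_port}"))
            srv.shutdown()
            srv.server_close()
    return tuple(results)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the web server's document root and `http://` plus the domain to `probe_webroot`, and run it from a machine outside the network so the request takes the same path the validation server would.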


#5

Is there any type of command for revoke? I see letsencrypt revoke --cert-path example-cert.pem but I don’t have any of these files on the server.


#6

That command would be correct but you don’t need to revoke anything. It’s an informational message in case you ever need to revoke a certificate if it’s compromised. That’s not the case for you. Your issue lies somewhere else.


#7

Oh, I get it now. Thank you!