SITE DOWN & School Starts Today! How can I completely uninstall Let'sEncrypt

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:ncileadership.org

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output:

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]: Y----------------------------------------------------------------------------Performing changes to your installationThe Bitnami HTTPS Configuration Tool will perform any necessary actions to your Bitnami installation. This may take some time, please be patient.----------------------------------------------------------------------------SuccessThe Bitnami HTTPS Configuration Tool succeeded in modifying your installation.The configuration report is shown below.Backup files:* /opt/bitnami/apache/conf/httpd.conf.back.202008171705* /opt/bitnami/apache/conf/bitnami/bitnami.conf.back.202008171705* /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf.back.202008171705* /opt/bitnami/apache/conf/vhosts/moodle-https-vhost.conf.back.202008171705* /opt/bitnami/apache/conf/vhosts/moodle-vhost.conf.back.202008171705Find more details in the log file:/tmp/bncert-202008171705.logIf you find any issues, please check Bitnami Support forums at:https://community.bitnami.comPress [Enter] to continue:

My web server is (include version): Apache

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: Google Clouds Platform

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): BNCertool

1 Like

I’m seeing everything great. What’s the problem exactly?

1 Like

I’m guessing it’s about lead.ncileadership.org looking at the screenshot and the Console errors about an invalid cert.

2 Likes

I am on my computer… and I type
www.lead.ncilearship.org and I get the following page

2 Likes

That subdomain is not on the certificate. You need to “expand” the certificate to include that subdomain (or into a wildcard *.ncileadership.org certificate).

https://crt.sh/?q=ncileadership.org

1 Like

@Jubilee2020 Your certificate is for ncileadership.org and www.ncileadership.org only. You should somehow add the lead.ncileadership.org hostname to a certificate too.

However, you’re running Bitnami and Bitnami has all things a little bit different than most systems. Not every volunteer here on this Community has experience with Bitnami. Probably very few to be honest.

Personally, I have absolutely NO idea how Bitnami works and how it manages its certificates. I have no idea how that bncert-tool works. Most likely you’ll get more useful replies on the Bitnami Community. See the link in the output you’ve pasted yourself in your first post.

2 Likes

I appreciate it!!! How can I ADD lead.ncileadership.org???

1 Like

correction… how can I ADD lead.ncileadership.org to the certificate?

2 Likes

Most likely you can just issue a new certificate with ncileadership.org, www.ncileadership.org, and lead.ncileadership.org as the domains being certified. The way to do this should be indicated on the help for the tool you are using. Like @Osiris I’m unfamiliar with it. Given the history of subdomains from my screenshot above from https://crt.sh/?q=ncileadership.org, I would honestly recommend you move towards getting a certificate with only ncileadership.org and *.ncileadership.org as the domains being certified. This would save you a whole lot of trouble in the future as the *. will cover EVERY subdomain, including those not yet envisioned.

1 Like

That’s a bad idea.

Wildcard certificates require dns validation, not http validation.

Bitnami works well with the integrated http validation.

Three domain names -> no wildcard is required.

2 Likes

You’re probably right. I was just thinking that given the history of various subdomains showing on crt.sh, it might prove helpful. Did you see the history of the certs? Seems to be a lot of overlap with Google.

1 Like

Thank you both so much JuergenAuer and freessltool.com … I am going to add the subdomains right now

3 Likes

Good call. You may want to check out why you’ve also got certificates issued from Google. As @JuergenAuer said though, don’t take my suggestion for now about *. because it may break your ability to get a cert. Just try to list ALL the subdomains you need. You appear to currently have 11 different certificates that aren’t expired for the domain!

1 Like

Now I am getting a different message. It is not letting me make the certificates.

1 Like

The certificate generation probably failed. Did you see my message above about NOT including *.ncileadership.org? If you do, it’ll try to change the way it’s validating your control of the domain and then fail. Simply removing *. then listing ALL the subdomains you need (including ncileadership.org, www.ncileadership.org, www.info.ncileadership.org, lead.ncileadership.org, and www.denson-blog.ncileadership.org) then generating a new certificate should do the trick.

1 Like

No… I didn’t do that. I tried to generate the certificate containing www.lead.ncileadership.com, www.ncileadership.org. And that’s when I got the errors on the attachment that sent in the previous post. Regarding the info.ncileadership.org and the blog.ncileadership.org… those are google sites and therefore did not need to be included because google generates its own certficates. I just needed to generate the www.lead.ncileadership.org and the ncileadership.org… but I got the error in the attachment of the previous post. Could you look at that and offer advice please?

1 Like

correction… not “.com” but .org

1 Like

Ah. That explains a lot. So you’re wanting www.lead.ncileadership.org and not lead.ncileadership.org?

The error you got is because the certificate is now missing, hence the error and the site going offline.

Looks like the blog and info are still operational due to serving the Google certificates. You just need to issue a new Let’s Encrypt certificates covering the main domain and the other subdomains and you should be good. Part of the issue you’re seeing is that you have a number of certificates with overlapping coverage. Getting a single certificate for those domains covered by Let’s Encrypt will simplify life greatly.

1 Like

both of those are suitable. How do I fix this error?

The error can be fixed by generating the new certificate. It (hopefully) should not preclude you from doing so. I’m assuming you still have access to change the domains/subdomains being certified then running to get the new certificate. From my research and the info you’ve provided, you should probably include the following:
ncileadership.org
www.ncileadership.org
lead.ncileadership.org
www.lead.ncileadership.org

1 Like