Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: jon.irish
My hosting provider, if applicable, is: Cloudflare
I can login to a root shell on my machine (yes or no, or I don't know): yes
So I received a notice from Cloudflare:
Cloudflare has observed issuance of the following certificate for jon.irish or one of its subdomains:
Log date: 2022-03-22 01:42:40 UTC
Issuer: CN=E1,O=Let's Encrypt,C=US
Validity: 2022-03-22 00:42:39 UTC - 2022-06-20 00:42:38 UTC
DNS Names: *.jon.irish, jon.irish
I did NOT request this, and want to revoke the cert ASAP. LE support sent me to: Revoking certificates - Let's Encrypt
I then created a TXT record in the domain verifying that I do own it, and followed the "Using a different authorized account" step, as I do not have the private cert since I didn't request it. When going to crt.sh, there are a lot of entries, so I downloaded the cert from 03/22/22, which matches the Cloudflare notice. I then ran:
sudo certbot revoke --cert-path /tmp/6388651673.crt (which is the cert I downloaded from crt.sh)
However, I get this error:
An unexpected error occurred:
The client lacks sufficient authorization :: The key ID specified in the revocation request does not hold valid authorizations for all names in the certificate to be revoked
Please see the logfiles in /var/log/letsencrypt for more details.
How can I get this certificate revoked, and how was someone able to create the certificate in the first place?