SSL certificate revoke

How to revoke an SSL certificate and create a new one with the same domain

Normally one does not want to revoke a certificate, only in some very particular cases, for example when its key is compromised. By the way, what is the problem with the actual certificate that you are not satisfied with?

5 Likes

Actually the certificate was created by the name rocketchat.amepos.in-0001; I renamed it to rocketchat.amepos.in

/etc/letsencrypt/live/rocketchat.amepos.in#
README cert.pem chain.pem fullchain.pem privkey.pem

/etc/letsencrypt/archive/rocketchat.amepos.in-0001# ls
cert1.pem chain1.pem fullchain1.pem privkey1.pem

In the nginx file I have given the path for the certificate as /etc/letsencrypt/live/rocketchat.amepos.in/cert.pem
My website is not up; is this creating the issue? So I want to revoke and create a new certificate by the name rocketchat.amepos.in

Revoking a certificate will not solve any of these issues.

What's in your webserver log? /var/log/nginx/error.log, I assume.

5 Likes

Please show the output of:

sudo certbot certificates

3 Likes

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/rocketchat.amepos.in-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/rocketchat.amepos.in-0001/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/rocketchat.amepos.in.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


The following renewal configurations were invalid:
/etc/letsencrypt/renewal/rocketchat.amepos.in-0001.conf
/etc/letsencrypt/renewal/rocketchat.amepos.in.conf


Well, you've professionally destroyed the file structure in the /etc/letsencrypt/ directory. Certbot can't parse the certificates any longer due to incorrect and/or missing files.

Please post the output of:

ls -l /etc/letsencrypt/live/rocketchat.amepos.in/
ls -l /etc/letsencrypt/archive/rocketchat.amepos.in/
ls -l /etc/letsencrypt/live/rocketchat.amepos.in-0001/
ls -l /etc/letsencrypt/archive/rocketchat.amepos.in-0001/

3 Likes

ls -l /etc/letsencrypt/live/rocketchat.amepos.in/
ls -l /etc/letsencrypt/archive/rocketchat.amepos.in/
ls -l /etc/letsencrypt/live/rocketchat.amepos.in-0001/
ls -l /etc/letsencrypt/archive/rocketchat.amepos.in-0001/
total 4
-rw-r--r-- 1 root root 692 Nov 16 07:13 README
lrwxrwxrwx 1 root root 49 Nov 16 07:13 cert.pem -> ../../archive/rocketchat.amepos.in-0001/cert1.pem
lrwxrwxrwx 1 root root 50 Nov 16 07:13 chain.pem -> ../../archive/rocketchat.amepos.in-0001/chain1.pem
lrwxrwxrwx 1 root root 54 Nov 16 07:13 fullchain.pem -> ../../archive/rocketchat.amepos.in-0001/fullchain1.pem
lrwxrwxrwx 1 root root 52 Nov 16 07:13 privkey.pem -> ../../archive/rocketchat.amepos.in-0001/privkey1.pem
ls: cannot access '/etc/letsencrypt/archive/rocketchat.amepos.in/': No such file or directory
ls: cannot access '/etc/letsencrypt/live/rocketchat.amepos.in-0001/': No such file or directory
total 20
-rw-r--r-- 1 root root 1781 Nov 16 07:13 cert1.pem
-rw-r--r-- 1 root root 3749 Nov 16 07:13 chain1.pem
-rw-r--r-- 1 root root 5530 Nov 16 07:13 fullchain1.pem
-rw------- 1 root root 1704 Nov 16 07:13 privkey1.pem

cd /etc/letsencrypt/live/rocketchat.amepos.in/
sudo ln -sf ../../archive/rocketchat.amepos.in/cert1.pem cert.pem
sudo ln -sf ../../archive/rocketchat.amepos.in/chain1.pem chain.pem
sudo ln -sf ../../archive/rocketchat.amepos.in/fullchain1.pem fullchain.pem
sudo ln -sf ../../archive/rocketchat.amepos.in/privkey1.pem privkey.pem
cd /etc/letsencrypt/archive/
sudo mv rocketchat.amepos.in-0001 rocketchat.amepos.in
sudo certbot certificates

If that fixes your Certbot, please refrain from manually tampering with /etc/letsencrypt/ in the future.

3 Likes

Thank you so much for the reply
sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/rocketchat.amepos.in-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/rocketchat.amepos.in-0001/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/rocketchat.amepos.in.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


The following renewal configurations were invalid:
/etc/letsencrypt/renewal/rocketchat.amepos.in-0001.conf
/etc/letsencrypt/renewal/rocketchat.amepos.in.conf

Please show the contents of the file /etc/letsencrypt/renewal/rocketchat.amepos.in.conf

3 Likes

cat rocketchat.amepos.in-0001.conf

# renew_before_expiry = 30 days
version = 1.21.0
archive_dir = /etc/letsencrypt/archive/rocketchat.amepos.in-0001
cert = /etc/letsencrypt/live/rocketchat.amepos.in-0001/cert.pem
privkey = /etc/letsencrypt/live/rocketchat.amepos.in-0001/privkey.pem
chain = /etc/letsencrypt/live/rocketchat.amepos.in-0001/chain.pem
fullchain = /etc/letsencrypt/live/rocketchat.amepos.in-0001/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 850f026c51067885b70702d492d5f80f
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory

rocketchat.amepos.in-0001.conf is not rocketchat.amepos.in.conf

2 Likes

/etc/letsencrypt/renewal
ls
rocketchat.amepos.in-0001.conf rocketchat.amepos.in.conf
cat rocketchat.amepos.in.conf, I find nothing, but cat rocketchat.amepos.in-0001.conf I have attached above

Well, that's problematic then.. Maybe the contents of rocketchat.amepos.in-0001.conf will suffice, maybe not.. :roll_eyes:

You might be able to save your Certbot by changing the following in rocketchat.amepos.in-0001.conf:

from:

archive_dir = /etc/letsencrypt/archive/rocketchat.amepos.in-0001
cert = /etc/letsencrypt/live/rocketchat.amepos.in-0001/cert.pem
privkey = /etc/letsencrypt/live/rocketchat.amepos.in-0001/privkey.pem
chain = /etc/letsencrypt/live/rocketchat.amepos.in-0001/chain.pem
fullchain = /etc/letsencrypt/live/rocketchat.amepos.in-0001/fullchain.pem

to

archive_dir = /etc/letsencrypt/archive/rocketchat.amepos.in
cert = /etc/letsencrypt/live/rocketchat.amepos.in/cert.pem
privkey = /etc/letsencrypt/live/rocketchat.amepos.in/privkey.pem
chain = /etc/letsencrypt/live/rocketchat.amepos.in/chain.pem
fullchain = /etc/letsencrypt/live/rocketchat.amepos.in/fullchain.pem

and afterwards running:

cd /etc/letsencrypt/renewal/
sudo mv rocketchat.amepos.in-0001.conf rocketchat.amepos.in.conf
sudo certbot certificates

1 Like
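
Added example (not part of any post in this thread and not Certbot's own code): a read-only shell check that reads the archive_dir, cert, privkey, chain and fullchain keys from a renewal config like the one shown above and reports the two conditions seen in the thread's error output, a missing file reference and a live path that is not a symlink, plus dangling links and links that resolve outside archive_dir. The function names check_lineage and conf_value are hypothetical, and readlink -f (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example: consistency check for a certbot renewal config.
# It only reads files; nothing under /etc/letsencrypt is modified.
# Assumes readlink -f is available (GNU coreutils or BusyBox).

# conf_value FILE KEY -> prints the value of the first "KEY = value" line
conf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# check_lineage FILE -> prints one line per problem, returns 0 only if clean
check_lineage() {
    conf=$1
    problems=0
    archive=$(conf_value "$conf" archive_dir)
    if [ -z "$archive" ]; then
        echo "$conf: missing archive_dir"; problems=$((problems + 1))
    elif [ ! -d "$archive" ]; then
        echo "$conf: archive_dir $archive does not exist"; problems=$((problems + 1))
    fi
    for key in cert privkey chain fullchain; do
        path=$(conf_value "$conf" "$key")
        if [ -z "$path" ]; then
            echo "$conf: missing required file reference: $key"
        elif [ ! -L "$path" ]; then
            echo "$conf: expected $path to be a symlink"
        elif [ ! -e "$path" ]; then
            echo "$conf: $path is a dangling symlink -> $(readlink "$path")"
        elif [ -n "$archive" ] &&
             [ "$(dirname "$(readlink -f "$path")")" != "$(readlink -f "$archive")" ]; then
            echo "$conf: $path resolves outside $archive"
        else
            continue   # this reference is consistent
        fi
        problems=$((problems + 1))
    done
    [ "$problems" -eq 0 ]
}

# Usage: sudo sh check_lineage.sh /etc/letsencrypt/renewal/*.conf
for f in "$@"; do
    check_lineage "$f" && echo "$f: OK"
done
```

Running it before and after a manual repair shows whether every renewal config still points at symlinks that resolve into its own archive directory.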

Thank you so much

1 Like