Ssl certificate revoke

how to revoke ssl certificate and create new one with same domain

Normally one does not want to revoke a certificate, only some very particular case, for example when its key is compromised. By the way, what is the problem with the actual certificate that you are not satisfied with?

5 Likes

actually certificate was created by name rocketchat.amepos.in-0001, i renamed to rocketchat.amepos.in

/etc/letsencrypt/live/rocketchat.amepos.in#
README cert.pem chain.pem fullchain.pem privkey.pem

/etc/letsencrypt/archive/rocketchat.amepos.in-0001# ls
cert1.pem chain1.pem fullchain1.pem privkey1.pem

In nginx file i have given path for certificate as /etc/letsencrypt/live/rocketchat.amepos.in/cert.pem
my website is not up, is this creating issue so i want to revoke and create new certificate by name rocketchat.amepos.in

Revoking a certificate will not solve any of these issues.

What's in your webserver log? /var/log/nginx/error.log, I assume.

5 Likes

Please show the output of:

sudo certbot certificates
3 Likes

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/rocketchat.amepos.in-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/rocketchat.amepos.in-0001/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/rocketchat.amepos.in.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


The following renewal configurations were invalid:
/etc/letsencrypt/renewal/rocketchat.amepos.in-0001.conf
/etc/letsencrypt/renewal/rocketchat.amepos.in.conf


Well, you've professionally destroyed the file structure in the /etc/letsencrypt/ directory. Certbot can't parse the certificates any longer due to incorrect and/or missing files.

Please post the output of:

ls -l /etc/letsencrypt/live/rocketchat.amepos.in/
ls -l /etc/letsencrypt/archive/rocketchat.amepos.in/
ls -l /etc/letsencrypt/live/rocketchat.amepos.in-0001/
ls -l /etc/letsencrypt/archive/rocketchat.amepos.in-0001/
3 Likes

ls -l /etc/letsencrypt/live/rocketchat.amepos.in/
ls -l /etc/letsencrypt/archive/rocketchat.amepos.in/
ls -l /etc/letsencrypt/live/rocketchat.amepos.in-0001/
ls -l /etc/letsencrypt/archive/rocketchat.amepos.in-0001/
total 4
-rw-r--r-- 1 root root 692 Nov 16 07:13 README
lrwxrwxrwx 1 root root 49 Nov 16 07:13 cert.pem -> ../../archive/rocketchat.amepos.in-0001/cert1.pem
lrwxrwxrwx 1 root root 50 Nov 16 07:13 chain.pem -> ../../archive/rocketchat.amepos.in-0001/chain1.pem
lrwxrwxrwx 1 root root 54 Nov 16 07:13 fullchain.pem -> ../../archive/rocketchat.amepos.in-0001/fullchain1.pem
lrwxrwxrwx 1 root root 52 Nov 16 07:13 privkey.pem -> ../../archive/rocketchat.amepos.in-0001/privkey1.pem
ls: cannot access '/etc/letsencrypt/archive/rocketchat.amepos.in/': No such file or directory
ls: cannot access '/etc/letsencrypt/live/rocketchat.amepos.in-0001/': No such file or directory
total 20
-rw-r--r-- 1 root root 1781 Nov 16 07:13 cert1.pem
-rw-r--r-- 1 root root 3749 Nov 16 07:13 chain1.pem
-rw-r--r-- 1 root root 5530 Nov 16 07:13 fullchain1.pem
-rw------- 1 root root 1704 Nov 16 07:13 privkey1.pem

cd /etc/letsencrypt/live/rocketchat.amepos.in/
sudo ln -sf ../../archive/rocketchat.amepos.in/cert1.pem cert.pem
sudo ln -sf ../../archive/rocketchat.amepos.in/chain1.pem chain.pem
sudo ln -sf ../../archive/rocketchat.amepos.in/fullchain1.pem fullchain.pem
sudo ln -sf ../../archive/rocketchat.amepos.in/privkey1.pem privkey.pem
cd /etc/letsencrypt/archive/
sudo mv rocketchat.amepos.in-0001 rocketchat.amepos.in
sudo certbot certificates

If that fixes your Certbot, please refrain from manually tampering with /etc/letsencrypt/ in the future.

3 Likes

Thank you so much for the reply
sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/rocketchat.amepos.in-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/rocketchat.amepos.in-0001/cert.pem to be a symlink. Skipping.
Renewal configuration file /etc/letsencrypt/renewal/rocketchat.amepos.in.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


The following renewal configurations were invalid:
/etc/letsencrypt/renewal/rocketchat.amepos.in-0001.conf
/etc/letsencrypt/renewal/rocketchat.amepos.in.conf

Please show the contents of the file /etc/letsencrypt/renewal/rocketchat.amepos.in.conf

3 Likes

cat rocketchat.amepos.in-0001.conf

# renew_before_expiry = 30 days
version = 1.21.0
archive_dir = /etc/letsencrypt/archive/rocketchat.amepos.in-0001
cert = /etc/letsencrypt/live/rocketchat.amepos.in-0001/cert.pem
privkey = /etc/letsencrypt/live/rocketchat.amepos.in-0001/privkey.pem
chain = /etc/letsencrypt/live/rocketchat.amepos.in-0001/chain.pem
fullchain = /etc/letsencrypt/live/rocketchat.amepos.in-0001/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = 850f026c51067885b70702d492d5f80f
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory

rocketchat.amepos.in-0001.conf is not rocketchat.amepos.in.conf

2 Likes

/etc/letsencrypt/renewal
ls
rocketchat.amepos.in-0001.conf rocketchat.amepos.in.conf
cat rocketchat.amepos.in.conf, i find noting, but cat rocketchat.amepos.in-0001.conf i have attached above

Well, that's problematic then.. Maybe the contents of rocketchat.amepos.in-0001.conf wll suffice, maybe not.. :roll_eyes:

You might be able to save your Certbot by changing the following in rocketchat.amepos.in-0001.conf:

from:

archive_dir = /etc/letsencrypt/archive/rocketchat.amepos.in-0001
cert = /etc/letsencrypt/live/rocketchat.amepos.in-0001/cert.pem
privkey = /etc/letsencrypt/live/rocketchat.amepos.in-0001/privkey.pem
chain = /etc/letsencrypt/live/rocketchat.amepos.in-0001/chain.pem
fullchain = /etc/letsencrypt/live/rocketchat.amepos.in-0001/fullchain.pem

to

archive_dir = /etc/letsencrypt/archive/rocketchat.amepos
cert = /etc/letsencrypt/live/rocketchat.amepos.in/cert.pem
privkey = /etc/letsencrypt/live/rocketchat.amepos.in/privkey.pem
chain = /etc/letsencrypt/live/rocketchat.amepos.in/chain.pem
fullchain = /etc/letsencrypt/live/rocketchat.amepos.in/fullchain.pem

and afterwards running:

cd /etc/letsencrypt/renewal/
sudo mv rocketchat.amepos.in-0001.conf rocketchat.amepos.in.conf
sudo certbot certificates
1 Like

Thank you so much

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.