Switching from Comodo to Letsencrypt

I've been using an (expensive) Comodo wildcard certificate for years because I was too lazy to figure out how to use Letsencrypt with the wildcard-DNS configuration. Last week I updated the certificate and saw they even raised the pricing and decided it was time to go full Letsencrypt and succeeded. -insert applause-

However, it seems I'm running 2 certificates now and I'm not sure how to remove the Comodo (which I haven't paid for yet) certificate and too afraid to break things by just 'deleting the shit out of stuff' (l33t h4x0r lingo).

Any help on cleaning my SSL mess would be greatly appreciated.

Right now I get this result on www.digicert.com/help/

My domain is: www.blokblok.nl (https://crt.sh/?q=blokblok.nl)

My web server is (include version): Apache

The operating system my web server runs on is (include version): CentOS 6 (yes, I know...)

I can login to a root shell on my machine (yes or no, or I don't know): Yes.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Directadmin to add the Comodo certificate, but I used acme.sh to add the Letsencrypt wildcard certificate.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Acme version 3.0.5

You have a chaining issue:

The leaf cert being served was issued by Sectigo.
The chain being served with it was issued by Let's Encrypt.

SSL Server Test: www.blokblok.nl (Powered by Qualys SSL Labs)
OR
openssl s_client -connect www.blokblok.nl:443 {-showcerts}

3 Likes

Here is a list of issued certificates crt.sh | www.blokblok.nl, the latest being 2023-01-12.
Let's Debug is showing an ERROR of Rate Limits https://letsdebug.net/www.blokblok.nl/1335077
Please use the Staging Environment while debugging this issue and after it is working switch over to the production environment.

2 Likes

The thing is, I don't know how to safely remove the Sectigo cert without breaking the Letsencrypt cert.

You don't need to, you need to serve a leaf cert with the proper chain.
That means you could:

  • serve the Sectigo cert and chain
    OR
  • serve an LE cert and chain.

I don't know what all certs are [left] available in your system to pick from.
But the Sectigo leaf cert is definitely there.
Finding the chain for it is simple and public information.
So that path is sure to work.

2 Likes

It looks like you successfully obtained 5 certificates which caused a rate-limit issue.

The first things to do are:

  • Determine WHERE those certificates are. Hopefully acme.sh saved them onto your machine.
  • Determine WHY you requested 5 duplicate certificates. This may have been due to manual usage from your confusion, but could be from a renewal script gone wrong.

The next thing to do is:

  • Examine your Apache2 configuration. Replace the configuration lines pointing to the Comodo scripts with lines that point to the active version of the LetsEncrypt certificates.

I'm not familiar with how acme.sh stores certificates. Certbot saves versioned files to an "Archive" directory, and symlinks them into a "live" directory; under this architecture, you would configure Apache to use the symlinks under "live". Again, I do not know how acme.sh stores the certificates.

3 Likes

Ok. This is the point where I confess to being a total n00b. I know my way around SSH a bit, but most of the time I have no idea what I'm doing and just follow tutorials online.

So when you say things like "you need to serve a leaf cert with the proper chain" or "serve the Sectigo cert and chain", I have no idea what you mean or what to do.

The Sectigo (Comodo?) is the one I want to remove because of the ridiculous price they want to charge me so I just want to keep the LE cert. But I have no idea how to remove the Sectigo cert.

I use Midnight Commander through my Putty connection to browse my server but I don't know what to look for and where to find it.

1 Like

Here is ACME CA Comparison - Posh-ACME
And ZeroSSL, I believe, is part of Sectigo, given what is required for ZeroSSL's DNS CAA record Invalid CAA Records - ZeroSSL Help Center; but you want to make sure you are using ACME and not any other interface for the Free aspect.

1 Like

The reason I tried 5 times: I tried requesting a wildcard certificate and succeeded (I thought) every time but no wildcard. Apparently I forgot to put the '*.blokblok.nl' in the request (d'oh). But the last request was a success.

Acme.sh seems to put the certificates in the /root/acme.sh/blokblok.nl/ directory but I don't know if it also copies them to another location on the server.

"Examine your Apache2 configuration" makes my head spin and I have no idea where to start except google "Examine your Apache2 configuration".

1 Like

That sounds right.

That's a good start.
Here's another:
sudo apachectl -t -D DUMP_VHOSTS

3 Likes

Thanks for the hint. It brought me to this place: /usr/local/directadmin/data/users/admin/domains/
I'm guessing these are the certificates that were issued through Directadmin and thus the certificates I want to remove?

Can I safely remove the .cacert, .cert and .certcombined files and request a new certificate with acme.sh or will I really mess things up then?

Always make a backup of the files just in case . . .

2 Likes

So I removed those, but apparently those were the LE certificates because now it only shows the Sectigo and I have no idea where to look for that one....

Try these links:

1 Like

Maybe they have more specific help on this matter.

3 Likes

I really appreciate the links, but I'm not a sysadmin and this is all way above my head. I think I'm gonna leave it as it is. The website works and shows the ssl-lock. That's the most important thing to me. I have too many other things on my mind and can't spend days on becoming an expert on the subject.

I'm sorry to have wasted your time.

3 Likes

I have no idea what those certificates are.

You can use the following command to understand what is in a Certificate file:

openssl x509 -in {FILEPATH} -noout -text

2 Likes
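The two practical checks raised in this thread, the "chaining issue" reply (a leaf issued by one CA served with another CA's chain) and the `openssl x509 -noout -text` / "examine your Apache configuration" advice, can be turned into a small script. The following is an added example written for this page, not code from any of the posters, acme.sh or DirectAdmin. It uses only the standard `openssl`, `awk` and `grep` tools. The CA names "Demo Root A" and "Demo Root B", the hostname www.example.test and the Apache snippet used in the demo are constructed throwaway values, not anything from the original domain.

```shell
#!/bin/sh
# Added example (not from the thread): check that a served certificate bundle
# is a consistent chain. Each certificate's issuer must equal the subject of
# the certificate that follows it; a Sectigo leaf followed by a Let's Encrypt
# intermediate, as reported above, fails this check on the first pair.

# check_chain BUNDLE.pem
# Prints subject/issuer for every certificate in served order. Returns 0 when
# every issuer matches the next subject, 1 when the chain does not fit.
check_chain() {
    bundle="$1"
    tmp=$(mktemp -d)
    # One file per certificate, numbered in the order they appear in the bundle.
    awk -v dir="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++} n {print > (dir "/" n ".pem")}' "$bundle"
    count=$(grep -c 'BEGIN CERTIFICATE' "$bundle")
    ok=0
    i=1
    while [ "$i" -le "$count" ]; do
        # Same openssl x509 call the thread recommends, reduced to two fields.
        subject=$(openssl x509 -in "$tmp/$i.pem" -noout -subject | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer | sed 's/^issuer= *//')
        echo "cert $i: subject=$subject issuer=$issuer"
        if [ "$i" -lt "$count" ]; then
            next=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject | sed 's/^subject= *//')
            if [ "$issuer" != "$next" ]; then
                echo "MISMATCH: cert $i was issued by '$issuer' but cert $((i + 1)) is '$next'" >&2
                ok=1
            fi
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $ok
}

# ssl_cert_files CONFDIR
# Lists the files Apache is told to serve (SSLCertificateFile and
# SSLCertificateChainFile). "apachectl -t -D DUMP_VHOSTS" tells you which
# config file defines each vhost; this shows which files those vhosts load.
ssl_cert_files() {
    grep -rhE '^[[:space:]]*SSLCertificate(Chain)?File[[:space:]]' "$1" | awk '{print $2}'
}

# make_demo_bundles DIR
# Constructed demo data: two throwaway roots and a leaf signed by "Demo Root A".
# good.pem = leaf + its real issuer; bad.pem = leaf + the wrong root, the same
# shape of mistake as a Sectigo leaf served with a Let's Encrypt chain.
make_demo_bundles() {
    dir="$1"
    mkdir -p "$dir"
    for ca in A B; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root $ca" \
            -keyout "$dir/root$ca.key" -out "$dir/root$ca.crt" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$dir/leaf.csr" -CA "$dir/rootA.crt" \
        -CAkey "$dir/rootA.key" -CAcreateserial -out "$dir/leaf.crt" 2>/dev/null
    cat "$dir/leaf.crt" "$dir/rootA.crt" > "$dir/good.pem"
    cat "$dir/leaf.crt" "$dir/rootB.crt" > "$dir/bad.pem"
}

# Usage: sh chaincheck.sh BUNDLE.pem    (or: sh chaincheck.sh --demo)
case "${1:-}" in
    --demo)
        d=$(mktemp -d)
        make_demo_bundles "$d"
        echo "== good.pem"; check_chain "$d/good.pem" || true
        echo "== bad.pem";  check_chain "$d/bad.pem" || true
        rm -rf "$d" ;;
    "") ;;
    *) check_chain "$1" ;;
esac
```

To apply it to a live server, run `ssl_cert_files` over the directory that holds the vhost files reported by `apachectl -t -D DUMP_VHOSTS`, concatenate the `SSLCertificateFile` and `SSLCertificateChainFile` values for a vhost into one file, and pass that to `check_chain`; a `MISMATCH` on cert 1 is the symptom the first reply describes. The same check works on the output of `openssl s_client -connect host:443 -showcerts` saved to a file, which verifies what the server actually sends rather than what the config says.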

I did that and found myself staring at the screen trying to understand what I'm looking at.

2 Likes

That appears to be this certificate crt.sh | 5975765793