TLS revoked, certificate created by Bitnami's tool

federico · April 8, 2025, 8:37am

I used Bitnami's tool to get a certificate. The tools doesn't show any error. Chrome doesn't show any problem. But someone reported to me that HTTPS is not working, so I tried with Firefox, and it turns out that the TSL certificate was revoked. Why did this happen?

The second question, obviously, is how do I fix the problem? Calling Bitnami's tool has no effect, even if it seems to work. If Let's Encrypt revoked our certificate, this might be expected.

My domain is: dbfrontiers.com

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output:

My web server is (include version): Apache

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: Amazon LightSail, with a WordPress Bitnami image

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): bncert-tool

Osiris · April 8, 2025, 9:01am

There are three certificates for your domain (crt.sh | dbfrontiers.com):

crt.sh | 17458580669 for just dbfrontiers.com, issued on 2025-03-04 and is still valid;
crt.sh | 16989558753 for just www.dbfrontiers.com, issued on 2025-03-04 too and is also valid;
crt.sh | 17540541909 for just dbfrontiers.com, again, but issued on 2025-03-31 and indeed has been revoked:

Serial Number: 06B03DBAA0277307DE6D2F21F100F39C39C2
   Revocation Date: Apr  1 12:19:50 2025 GMT

There is no CRL reason code mentioned in the CRL, so I don't think this certificate was revoked by Let's Encrypt. I don't know for certain, but I think LE would add a reason code if they themselves would revoke a cert.

Now, I have no clue how bncert-tool works, but that first certificate is still valid and could be used, if everything is still available within bncert-tool. If not, just re-issue the cert.

Also, while you're at it, it's probably a good idea to combine dbfrontiers.com and www.dbfrontiers.com into a single certificate.

No clue how you should be able to do all that with bncert-tool though.

federico · April 8, 2025, 9:26am

@Osiris thanks a lot for your answer. Do you think I should remove the revoked certificate? If so, do you know I can do it with Certbot?

Osiris · April 8, 2025, 9:41am

bncert-tool and Certbot don't mix together, so no, that's not really possible.

system · May 8, 2025, 9:42am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL Certificate Revoked Error Help	3	1578	March 2, 2022
Renewed cert but still hitting revoked cert in browser Help	19	2497	March 14, 2022
I renewed my certificate, but have a SEC_ERROR_REVOKED_CERTIFICATE Help	4	1388	March 4, 2022
Net::err_cert_revoked Help	14	3267	March 1, 2022
Net::err_cert_revoked Help	3	1105	March 17, 2022

TLS revoked, certificate created by Bitnami's tool

Related topics