Too many certificates created

I am having a similar problem. I see that there’s a long list when I lookup my domain on crt.sh. Maybe these got created while I was configuring the certificate. Is it possible to request a deletion of those accidentally created certs (all the ones which were created in Apr 2019), so that I can do a clean start?

Actually, the cert was working on Friday, but suddenly it stopped working, so I resorted to some trial and error :slightly_frowning_face:.

Hi @jigarius

I moved your post to a new topic, that makes things easier.

That’s not possible. Please read

Revoking certificates does not reset rate limits, because the resources used to issue those certificates have already been consumed.

Where are all these certificates? What says

certbot certificates

I deleted them because they weren’t working for some reason. I was getting SSL errors on Firefox, Chrome and using curl. I think this is where I made the mistake. I should have had the certs revoked before deleting them, am I right by any chance? Also, I guess I will have to wait for a week to go by before being able to apply for a new cert.

No, as you can read in the section pasted by @JuergenAuer above, revoking does not reset rate limits, so that wouldn’t have mattered. Also, revoking is only necessary if the private key of a certificate might be compromised. By deleting the certificates, you’ve probably also deleted the private key and therefore there is nothing left to be compromised. And, therefore, no reason to revoke the certificate(s).

1 Like

I wasn’t looking to reset rate limits - my objective would’ve been to have those entries removed from crt.sh? Or would they have still remained there? Sorry if I’m asking dumb questions but I’m curious because this is the first time working with certs.

Also, can you confirm that the next step for me will be to:

  • Wait till 7 days pass
  • Carefully create only one cert with certbot --apache -d jigarius.com (am I missing any params)
  • See if https://jigarius.com/ works - if not, reply on this thread

Does it take time for an SSL cert to reflect or will it be spontaneous?

crt.sh is a site where certificate from numerous certificate logs are stored and can be searched. There’s no way of removing your issued certificates from those certificate logs, nor from crt.sh.

I would suggest also adding -d www.jigarius.com to the command line.

2 Likes

And if you do that, you should be able to proceed immediately, without needing to wait 7 days.

Thanks for all the help. I will in fact, wait till Friday for the 7 days to go by. As for www.jigarius.com, I will leave it at port 80 for now and configure a redirect after I fix the problem.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.