Unable to revoke certificate - BITNAMI & WORDPRESS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: thecarbonexchange.ca

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output:
----------------------------------------------------------------------------Welcome to the Bitnami HTTPS Configuration tool.----------------------------------------------------------------------------DomainsPlease provide a valid space-separated list of domains for which you wish to configure your web server.Domain list : thecarbonexchange.caWarning: Could not get domains from existing certificate /opt/bitnami/letsencrypt/certificates/thecarbonexchange.ca.crt!Please enter a different domain list, or revoke it: Learn about the Bitnami HTTPS Configuration Tool Press [Enter] to continue:

I then tried to revoke the certificates using this command:
sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --tls --email=Bata12@thecarbonexchange.ca --domains=thecarbonexchange.ca revoke

But I received this error message:
Trying to revoke certificate for domain thecarbonexchange.ca2022/09/22 03:55:25 Error while revoking the certificate for domain thecarbonexchange.caacme: error: 404 :: POST :: https://acme-v02.api.letsencrypt.org/acme/revoke-cert :: urn:ietf:params:acme:error:malformed :: Certificate from unrecognized issuer

My web server is (include version): Apache 2.4.54

The operating system my web server runs on is (include version): Debian GNU/Linux 10

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Wordpress 6.0.2

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thanks very much

1 Like

Hi @Bata12, and welcome to the LE community forum :slight_smile:

You can't revoke a certificate that hasn't been issued.
The cert being used by your site now is a self-signed cert for the FQDN "example.com".
[shown below:]

Also, revoking a cert doesn't do anything towards solving your actual problem.

Bitnami can sometimes be difficult to manage [even for some seasoned pros].
Also having WordPress involved makes this even that much more intricate/delicate.

I have about no experience with such a setup, so I won't be much help - less to try and point you in the right direction: I'd search through this forum for topics with both "Bitnami and WordPress".

[I've updated your post title to better express that and hopefully grab the attention of those that have experience with both]

4 Likes

Why would you revoke the certificate in the first place?

5 Likes

Software presents that limited choice:

  • enter a different name [no other name can be used]
  • revoke it [as if that makes any sense there]
4 Likes

I have a different certificate now on my site. This is the one that was originally issued for the website with the lets encrypt app.
The certificate had to be revoked manually by a certain time period which I did not do.
The site's ssl was broken.
I tried to fix it and now I have a certificate that is expired but I can't revoke.

The cert currently sent by your site is a self-signed cert for your Carbon Credit Exchange name. It is not related to any prior Let's Encrypt cert. You can see this at a SSL Decoder site like this one.

In fact, I don't see any Let's Encrypt cert except for one that already expired in April. You won't be able to revoke an expired cert. And, there is never a need to revoke a cert to get a new one or use one from a different Certificate Authority.

I agree with prior volunteers that the problem is using bitnami and bncert properly. Maybe someone here will provide advice otherwise a bitnami forum might be best.

If you are using Lightsail you might find this doc helpful. But, read it very carefully. It is essential you follow the steps for your specific config.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

4 Likes