I need to configure my SSL for Hiawatha production settings. I am wondering how I can unregister my account so that I can start fresh. The problem was that I read letsencrypt instructions before I read the Hiawatha instructions.
What exact problem are you running into? Because off the top of my head I can't think of a reason why unregistering an account would be necessary.
What ACME client are you using? Some of them support account deactivation. If you used Hiawatha's built-in ACME client to create your account you may have to ask their support channel for help. I'm not sure if their client has a method for deactivating an account.
Like @Osiris mentioned (thank you!) it's generally not necessary to deactivate the account. You can create a new account and abandon the old one - any valid authorizations held by the old account will expire within a reasonable time frame.
I changed the email address in the letsencrypt configuration file, but I still get an error message that says that the account is already registered. Why can’t I just unregister this account?
Your Let's Encrypt account is identified by a public key. Changing the email associated with the key won't accomplish what you are after.
If you want to create a new account you'll need to find a way to tell your ACME client to generate a new account keypair.
Did you see my earlier comment? It is possible to deactivate an ACME account. How to do so depends on the ACME client you used. If you used Hiawatha’s built-in ACME client to create your account you may have to ask their support channel for help. I’m not sure if their client has a method for deactivating an account.
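An added illustration of the point in the reply above (not code from the thread, from Let's Encrypt, or from Hiawatha): an ACME account is looked up by its public key, here via the RFC 7638 JWK thumbprint, so a registration with the same key and a different email finds the existing account. `ToyAcmeServer`, the sample moduli and the email addresses are constructed for the example.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used by JOSE/ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def rsa_jwk(n: int, e: int = 65537) -> dict:
    """Public RSA key as a JWK (integers are big-endian, base64url)."""
    enc = lambda v: b64url(v.to_bytes((v.bit_length() + 7) // 8, "big"))
    return {"kty": "RSA", "n": enc(n), "e": enc(e)}

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members, sorted, no whitespace."""
    required = {k: jwk[k] for k in ("e", "kty", "n")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

class ToyAcmeServer:
    """Simplified model of ACME newAccount: accounts are indexed by key."""
    def __init__(self):
        self.accounts = {}  # thumbprint -> account record

    def new_account(self, jwk: dict, email: str):
        tp = jwk_thumbprint(jwk)
        if tp in self.accounts:
            # Known key: the existing account comes back (HTTP 200);
            # the email in this request does not create a second one.
            return 200, self.accounts[tp]["id"]
        self.accounts[tp] = {"id": len(self.accounts) + 1,
                             "contact": ["mailto:" + email]}
        return 201, self.accounts[tp]["id"]

# Constructed sample moduli (not real keys, far too small for real use).
OLD_KEY = rsa_jwk(0xC0FFEE1234567890ABCDEF0123456789)
NEW_KEY = rsa_jwk(0xDEADBEEF0FEDCBA98765432100112233)

def demo():
    server = ToyAcmeServer()
    first = server.new_account(OLD_KEY, "old@example.com")
    changed_email = server.new_account(OLD_KEY, "new@example.com")
    fresh_key = server.new_account(NEW_KEY, "new@example.com")
    return first, changed_email, fresh_key

if __name__ == "__main__":
    print(demo())
```

Only the request signed with a different key yields a second account, which is why generating a new account keypair gives a clean start and editing the email does not.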
P.S. I am using Hiawatha’s letsencrypt utility that uses ACME ver. 2 interface.
The problem was that I had followed letsencrypt instructions before I followed the instructions provided by Hiawatha. If I could just unregister this account with letsencrypt client provided by Hiawatha, I would have been able to start clean. How can I make a clean start?
Can you share a link to the instructions you followed?
The instructions that I initially followed are as follows (more specifically under “With shell access”):
The Hiawatha instructions are as follows:
Copy all the files belonging to this script to a suitable location, for
example /usr/local/letsencrypt. Create a directory .letsencrypt in your home
directory and copy /usr/local/letsencrypt/letsencrypt.conf to that directory.
Open letsencrypt.conf, change the account email address and key size according
to your needs. Add /usr/local/letsencrypt to your PATH environment variable.
Before you can request a certificate, you need to register an account at the
Let’s Encrypt CA. You can do this via the command: letsencrypt register
When running the tool for the first time, it will create a Let’s Encrypt
account key. Make sure you make a backup of this account.key file.
You can request a website certificate via: letsencrypt request
A virtual host for must be present in the webserver configuration
and you must have write access rights to its website root. The must
be the first hostname for that virtual host. All other hostnames will be used
as alternative hostnames for the certificate. Wildcards are supported by Let’s
Encrypt, but they can only be obtained via DNS challenges. Because that’s not an
option for this script, they will not be used as an alternative name in the
certificate. Unless you specify a filename as the third parameter, the
requested certificate will be stored in the file .pem. When
requesting a Let’s Encrypt certificate, make sure your website is reachable via
HTTP (port 80). This is necessary because the Let’s Encrypt CA will request a
file from it, which the script will create in the webroot in order to prove you
are the owner of that website.
After properly testing, open letsencrypt.conf, comment the testing CA hostname
(the LE_CA_HOSTNAME setting), uncomment the production CA hostname, register
your account key at the production server and request the final version of your
Certificates will be written to a file in the directory of this script. If you
run the script as user root, the certificate will be written to the directory
configured via the HIAWATHA_CERT_DIR setting.
To automatically renew certificates that are about to get expired, run the
letsencrypt tool with the parameter ‘renew’ as a cronjob of the user root. Add
the parameter ‘restart’ to automatically restart the webserver when one or more
certificates have been renewed. All certificates located in the
HIAWATHA_CERT_DIR directory and those referred to in the webserver
configuration will be renewed.
You can run a script when the certificate of a host is renewed. Create a script
in the RENEWAL_SCRIPT_DIR directory and give it the name of the hostname for
which it must be run. That script will be executed upon renewal of the matching
I have found that the solution to this problem is to delete all generated files, and start from fresh, using the instructions provided by the Hiawatha web server from the outset.
Thank you again for all the help provided