Want to drop certificate and stop renewing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: backend.acrozilla.com

I ran this command: certbot renew

It produced this output:
WARNING:certbot.renewal:Attempting to renew cert (backend.acrozilla.com) from /etc/letsencrypt/renewal/backend.acrozilla.com.conf produced an unexpected error: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",). Skipping.
and then some more error messages

My web server is (include version):not a web server

The operating system my web server runs on is (include version): Ubuntu 14

My hosting provider, if applicable, is: hostus.us

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

I created a certificate at some point, and subsequently stopped using it.
(In fact, I forgot all about it.)

Apparently, it was being updated successfully until September, but not since then.
Since the 3-month expiration was approaching, I got an email saying "It's about to expire."

Now, I just want to get rid of it, because (mysteriously) it is trying to renew every 12
hours or so, and repeatedly failing.

There is nothing in crontab for root, and nothing relevant to certs in the sole user's crontab,
so why this is happening, I cannot understand.

It would be sufficient to just stop these unsuccessful renewals,
but what I'd really like is just remove everything from the server
relating to certs.

Thank you.

1 Like

I can't help on the phantom cron job but you will stop getting emails from Let's Encrypt about the expired cert when it has actually expired.

2 Likes

Trying to renew twice a day is the default behavior for certbot. To get it to stop trying to renew that cert, run certbot renew -d <domain name>--certbot won't try to renew a cert that's been deleted. And as Christopher says, you'll stop getting the emails once the cert expires.

2 Likes

You might have a timer instead of a cron job. Try

sudo systemctl list-timers
3 Likes

Correction, that should be certbot delete --cert-name <domain name>. Confusing certbot and acme.sh syntax.

Edit--as above. My mind's apparently elsewhere today.

5 Likes

I agree with @danb35
If you don't need the cert, simply delete it.
If you try stopping certbot from checking renewals, then all certbot managed certs will no longer be renewed.
If you don't have any other certbot managed certs, then you can just uninstall certbot [until you ever need it again].

4 Likes

Thank you all for your help.

3 Likes

Hi @pentolla, I believe what you did was you did away with your subdomain backend but still have your apex domain acrozilla.com. However, as of this moment you do not have a cert for your apex domain.

Was your original cert for both your apex domain and your subdomain? Either way, you can run certbot and request a new cert for acrozilla.com.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.