What happen if created Let's Encrypt for ONE domain 4-5 times?

Hi,

I created Let’s Encrypt Certificate for ONE DOMAIN 4-5 times, because I rebuilt my website a few times (I deleted all disk). So I want to ask:

What happen if created Let’s Encrypt Certificate for ONE DOMAIN 4-5 times?
What should I do with the ones created before?

If you deleted the disks without backing them up, you simply have 4-5 unusable certificates generated but not available for use because the private key is gone. If you continue to generate lots of certificates for the same domain and/or ip you may run into the Let’s Encrypt rate limits and not be able to issue new certs. You can use the staging environment to test certificate issuance if you think you’ll just be deleting the disks.

If you deleted them there isn’t anything to do. Revocation is possible if you have the private key, but it’s unnecessary unless you suspect key compromise.

3 Likes

Now I have successfully installed a certificate for my domain on my server.
If I have to change server (domain is the same).

Is it possible to reuse the installed certificate?
Or I have to revoke the current certificate and create new one?

you can reuse the certificate itself if that’s not compromised, but keep mind that your client won’t know about imported certificate and can’t renew until it has config for it (created a new cert or paste old renew config on it.)

1 Like

Hi @orangepizza
How can I paste old renew config on it?

The details depend on what ACME client you’re using and how it’s configured.

It might be possible to just install it and copy all of its configuration files over.

It can be simpler to just issue a new certificate, if the rate limits aren’t a problem.

1 Like

If I issue a new certificate, how about the old one? It will stick with me until it’s expires and be deleted on Let’s Encrypt server after that?

Hi @isnday

Certificates are logged in Certificate Transparency Logs.

https://transparencyreport.google.com/https/certificates

https://crt.sh/

That’s permanent.

So it’s not required that Letsencrypt stores the certificates, CT-logs do that.

1 Like

If you issue a new one, nothing happens to or changes with the old one. It’s not a problem to have multiple certificates.

2 Likes

I heard some thing like: Lets Encrypt will send email to remind me of certificates that are about to expire. If the certificate is permanent (), Lets Encrypt will remind me forever?

1 Like

Let’s Encrypt will send you a few emails in the weeks before a certificate expires, if you haven’t already issued a newer certificate with the exact same names.

Even if you don’t, once the certificate expires, the email will stop.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.