I accidentally deleted all the files from the /etc/letsencrypt/ path. I have reinstalled different versions of certbot but I can't validate my domains (knigi-varna.com, www.knigi-varna.com, morskisviat.com, www.morskisviat.com, prostori.com, www.prostori.com, yachtsbg.com, www.yachtsbg.com). It always gives me a new validation key, and when I add it to the server it still doesn't accept it and generates a new validation again. I'm using Tomcat as a web server on Slackware-current. It used to work fine with certbot-2.2.0, but then something updated and I made the mistake of deleting the files. I have a backup copy of the previous certificate that has already expired.
I would be very grateful if anyone could help!
This is the key problem to solve. It looks like port 80 is not accepting connections.
Maybe it is blocked by a firewall or your server does not accept HTTP requests on that port. You probably changed something since you last got a good cert.
The cert can only be used with its matching private key. If you have a backup of both you could use those but your validation failures are still a problem.
The Let's Debug test site is helpful to test changes while you try to get HTTP working again.
Note the HTTP failure is not unique to Let's Encrypt. I cannot reach your "home" page using HTTP either:
```
curl -i http://knigi-varna.com
curl: (7) Failed to connect to knigi-varna.com port 80 after 125 ms: Connection refused
```
Adding further support to @MikeMcQ's observations:
```
$ nmap -Pn -p80,443 knigi-varna.com
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-08 08:15 PDT
Nmap scan report for knigi-varna.com (62.176.117.86)
Host is up (0.20s latency).
rDNS record for 62.176.117.86: 62-176-117-86.btc-net.bg

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp open   https

Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
```
See:
For the recommended way to install Certbot, please see:
(generally a good idea to remove all installed copies of Certbot before starting)
"What happens if you delete the private keys used to create the certificate?"
Well, if you don't have a backup copy to restore the private keys, you will not be able to encrypt the requests made to the server. Most likely the server would actually fail to run.
All of this rendering the Certificates essentially useless.
Generate new private keys and then request new certificates and deploy them. I suggest restarting the server service or rebooting the server entirely.
To be clear...
- Deleting a certificate's uncompromised private key is the proper way to dispose of a certificate rather than revoking the certificate
- Deleting an ACME account's uncompromised private key will render that account unusable for most functionality going forward, including acquiring additional certificates, resulting in the need to register a new ACME account
And, you should first configure your web server application so that it is no longer attempting to use that key or certificate (in order to avoid errors after it's deleted).
% agree, @schoen.
Problem solved. There was a double error - a broken NAT on the router and a wrong rule in the server's firewall.
Thanks everyone for your help!
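The port check that the curl and nmap output in this thread performed by hand, as an added example that is not part of any post above: it probes ports 80 and 443 on each name and separates "closed" (connection refused) from "filtered" (no answer, as with a dropping firewall rule or broken NAT). The function names `probe`, `preflight` and `blockers` are this example's own; pass your own hostnames on the command line.

```python
import errno
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP port as open, closed, filtered or unresolved."""
    try:
        addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "unresolved"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"
    except ConnectionRefusedError:
        # A reset came back: nothing is listening, or a rule rejects with a reset.
        return "closed"
    except (socket.timeout, TimeoutError):
        # No answer at all: packets dropped by a firewall or lost at a NAT.
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def preflight(hosts, ports=(80, 443), timeout=3.0):
    """Probe every host on every port; returns {host: {port: state}}."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}


def blockers(report, port=80):
    """Hosts whose given port is not open, i.e. where validation over it would fail."""
    return sorted(h for h, states in report.items() if states.get(port) != "open")


if __name__ == "__main__":
    report = preflight(sys.argv[1:])
    for host, states in report.items():
        print(host, " ".join(f"{p}/tcp={s}" for p, s in states.items()))
    sys.exit(1 if blockers(report) else 0)
```

Run it from a machine outside your own network, since a check from behind the same router does not exercise the NAT rule.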