Error while revoking the certificate for domain...help!

Keywords: WordPress Multisite - Google Cloud Platform - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: bed29c9e-f1c9-90a6-cba5-eb9db8c8d0b5
Description:
while running sudo /opt/bitnami/bncert-tool

Got Error while revoking the certificate for domain mubie.com
        acme: error: 403 :: POST :: https://acme-v02.api.letsencrypt.org/acme/revoke-cert :: urn:ietf:params:acme:error:unauthorized :: Certificate is expired, url:

Then tried to run

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --tls --email=crm@johocen.com --domains=mubie.com revoke

Same error as above.

Then followed the suggestion in "Error while revoking the certificate for domain - any ideas?"

to run

sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="crm@johocen.com" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=mubie.com renew && sudo /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -k graceful

still got error: 400

2020/10/10 01:06:21 [INFO] [mubie.com] acme: Trying renewal with -3098 hours remaining
2020/10/10 01:06:21 [INFO] [mubie.com, *.mubie.com] acme: Obtaining bundled SAN certificate
2020/10/10 01:06:22 [INFO] [*.mubie.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7785345368
2020/10/10 01:06:22 [INFO] [mubie.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7785345369
2020/10/10 01:06:22 [INFO] [*.mubie.com] acme: Could not find solver for: dns-01
2020/10/10 01:06:22 [INFO] [mubie.com] acme: Could not find solver for: tls-alpn-01
2020/10/10 01:06:22 [INFO] [mubie.com] acme: use http-01 solver
2020/10/10 01:06:22 [INFO] [mubie.com] acme: Trying to solve HTTP-01
2020/10/10 01:06:28 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7785345368
2020/10/10 01:06:28 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7785345369
2020/10/10 01:06:28 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7785345369
2020/10/10 01:06:28 error: one or more domains had a problem:
[*.mubie.com] [*.mubie.com] acme: could not determine solvers
[mubie.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://mubie.com/.well-known/acme-challenge/PbxQse-JKOURMiS0rqvYjClA5q5XcdscbPpypJWAdzo: Connection refused, url: 

Any help is highly appreciated.

Hi @amoreno

Forgot to mention you, especially after following your suggestion, your help is highly appreciated.

There is some background to share…

We had changed the DNS server from Namesilo to Cloudflare. After a while, we tried to use the Cloudflare SSL service and deleted all the acme records in the DNS settings. It seems from there we got all the problems.

Is it possible to remove all previous certificates and install the new one from fresh?

Thanks

Hi @mubiesam,

It seems you didn’t use the Bitnami HTTPS configuration tool in the past to configure the certificates. It also seems that you used a wildcard to generate the certificates.

Checking the Cron’s configuration, it seems you created a script to generate those certificates (/opt/bitnami/letsencrypt/scripts/renew-certificate.sh) and you were probably using special options to generate the certificate using wildcards. Please review if that option is available with your new DNS provider so you can renew the certificate.
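
A triage of the lego renewal log from the first post, as an added example that is not part of the thread and is not Bitnami or lego code: it groups the messages by name and shows that the wildcard name had no usable solver while the bare domain failed on an HTTP-01 connection error. The `triage` function, its result keys and the `HINTS` texts are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the lego output posted in this thread (only the lines that matter).
LOG = """\
2020/10/10 01:06:21 [INFO] [mubie.com] acme: Trying renewal with -3098 hours remaining
2020/10/10 01:06:22 [INFO] [*.mubie.com] acme: Could not find solver for: dns-01
2020/10/10 01:06:22 [INFO] [mubie.com] acme: Could not find solver for: tls-alpn-01
2020/10/10 01:06:22 [INFO] [mubie.com] acme: use http-01 solver
[*.mubie.com] [*.mubie.com] acme: could not determine solvers
[mubie.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://mubie.com/.well-known/acme-challenge/PbxQse-JKOURMiS0rqvYjClA5q5XcdscbPpypJWAdzo: Connection refused, url:
"""

# Editor's reading of each failure class; these strings are not lego output.
HINTS = {
    "no-solver": "no enabled challenge fits; a wildcard name validates through dns-01 only",
    "connection": "the CA could not connect to port 80 where the name resolves",
}

def triage(log):
    """Group lego messages by domain name and classify why each name failed."""
    report = {}
    for line in log.splitlines():
        m = re.search(r"\[(\S+)\] acme: (.*)", line)
        if not m:
            continue
        name, msg = m.groups()
        e = report.setdefault(name, {"missing": [], "using": None, "problem": None})
        if msg.startswith("Could not find solver for: "):
            e["missing"].append(msg.rsplit(" ", 1)[1])
        elif u := re.match(r"use (\S+) solver", msg):
            e["using"] = u.group(1)
        elif msg == "could not determine solvers":
            e["problem"] = "no-solver"
        elif err := re.match(r"error: \d+ :: .*?urn:ietf:params:acme:error:(\w+)", msg):
            e["problem"] = err.group(1)
        elif h := re.match(r"Trying renewal with (-?\d+) hours remaining", msg):
            # Negative hours: the certificate expired roughly that long before the run.
            seen = datetime.strptime(line[:19], "%Y/%m/%d %H:%M:%S")
            e["not_after_approx"] = seen + timedelta(hours=int(h.group(1)))
    return report

if __name__ == "__main__":
    for name, e in triage(LOG).items():
        print(name, e, "->", HINTS.get(e["problem"], "no failure recorded"))
```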

Hi @jota

It was a long story regarding our SSL setup if you still remember…


You are always so helpful answering questions with great patience.

As you had suggested…
You can use Cloudflare to configure the DNS settings of your domain but do not enable the “proxy” settings in the platform. This way, your domains will point directly to the instance and you will be able to access the application using the different domains you configure.

So how can we revoke the previous certificate and follow the instructions here to use Cloudflare SSL?
https://docs.bitnami.com/aws/faq/administration/enable-ssl-cloudflare/

Thanks

Hi @mubiesam,

Could you check the next thread of the Let’s Encrypt community?
https://community.letsencrypt.org/t/error-400-renewing-expired-certificate/107762

I hope that helps you,
Ibone.

Hi @Ibone

It seems not for my case, we did not add any AAAA record yet.

Any other suggestion?

Thanks

Hi @mubiesam,

You can revoke a valid certificate using the next guide. However, if the certificate is not valid (as shown in your first post), you can’t revoke it but you can request a new one.

https://docs.bitnami.com/google/how-to/understand-bncert/#manually-revoking-an-existing-certificate

Apart from that, I visited your website and it seems to be using a valid certificate now.

Hi @gongomgra Got it, thanks

Hi @mubiesam,

I’m glad you solved your question! We will close this thread as solved. Please do not hesitate to open a new one with any other questions you may have.