Retrieve / Reissue a Let's Encrypt certificate
Every time I search there is too much information to actually follow and understand correctly.
How do I retrieve or reissue a certificate that is still younger than 60 days? Like if I clean install my test server, I need to re-install the test server. Now I can copy the cert + chain, but on my test server I intend to check my Let's Encrypt scripts and procedures if they work fine, so I really want to "negotiate" and get certificates (re)issued.
Comments
AFAIK, if you don't have the 'lineage' (the past certs), or if they're corrupted somehow, LE will just create a new cert for you.
It's entirely possible to end up with multiple certs issued for the same domain concurrently.
So you mean if I have a certificate for a domain, format and clean install my server removing all "lineage", and issue a request on the cleanly installed server for that same domain, it will simply issue it again automatically?
Yes. But they may temporarily ban a domain if you do this too often. IIRC the limit is 10 such resets per week or so.
Thanks for the heads up!!
Since it's talk about LE, anyone know how I can implement Let's Encrypt on 2 VPS?
I mean, if I have domain.com and load balancing on VPS A and VPS B, do I just need to copy the cert on VPS A to VPS B, or request it on every VPS then?
Thanks
You can certainly copy the certificate; SSL certificates are not tied to particular IP addresses. But you will need to figure out how to pass the ACME challenge to obtain the certificate from Let's Encrypt; the HTTP method might not be the best option since you would need to have both machines respond to the challenge (although if you do a bit of setup in your application, or just have a bash script to rsync the file and make some adjustments to whatever script you are using that responds to the challenge, then it should be fine). There are other methods like DNS that you could try instead.
It is better to open a new topic though.
Thanks, I'll try your suggestion; I'll open a new topic if I have a problem.
> IIRC the limit is 10 such resets per week or so.

The limit now is probably 5.
I read here https://letsencrypt.org/docs/rate-limits/
> We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week.
Depends on the Let's Encrypt client you use. For instance, with the acme.sh client https://github.com/Neilpang/acme.sh you can use the --force command to reissue while younger than the renewal time.
That's what I am doing for my Centmin Mod LEMP stack's Let's Encrypt integration via acmetool.sh https://community.centminmod.com/threads/official-acmetool-sh-testing-thread-for-centmin-mod-123-09beta01.8290/
When you select the option to reissue, it's just acme.sh --force being called.
acmetool.sh menu mode option 6
reissue management (AWS S3 options not yet done)
But yes, as folks stated already, you can just issue again for the same common name cert anyway if the Let's Encrypt client instance doesn't have a previous SSL cert stored for that common name domain.
For my acmetool.sh addon for my Centmin Mod LEMP stack, I plan to add AWS S3 support and just use the s3cmd tool to ensure all servers in a cluster get the issued Let's Encrypt SSL certificates. Haven't coded that part yet for acmetool.sh though, still beta testing the rest of the routines.
Oh, so if you need to work around that, you can just request a cert for [www.example.com, example.com, test.example.com] and it'll work fine.
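
The duplicate-certificate rule quoted from the rate-limits page, as an added example that is not part of any post in this thread: a Python check to run before re-issuing on a freshly installed server. It assumes "per week" means a rolling 7-day window; the function names and the issuance history are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

DUPLICATE_LIMIT = 5             # "5 certificates per week" from the quoted text
WINDOW = timedelta(days=7)      # assumption: a rolling 7-day window


def name_set(hostnames):
    """Identity used by the duplicate check: the exact set of hostnames,
    ignoring capitalization and ordering."""
    return frozenset(h.strip().lower() for h in hostnames)


def duplicate_budget(history, hostnames, now):
    """history: iterable of (issued_at, [hostnames]) for past issuances.

    Returns (remaining, next_free): how many more certificates for this
    exact name set can be requested now and, when none remain, the time
    at which the oldest counted issuance leaves the window.
    """
    wanted = name_set(hostnames)
    recent = sorted(
        issued for issued, names in history
        if name_set(names) == wanted and now - WINDOW < issued <= now
    )
    remaining = max(0, DUPLICATE_LIMIT - len(recent))
    next_free = None
    if remaining == 0:
        # A slot opens when the 5th-newest issuance ages out of the window.
        next_free = recent[-DUPLICATE_LIMIT] + WINDOW
    return remaining, next_free


# Constructed history: a test server wiped and re-issued once a day.
UTC = timezone.utc
HISTORY = [
    (datetime(2017, 1, 2, 10, 0, tzinfo=UTC), ["www.example.com", "example.com"]),
    (datetime(2017, 1, 3, 10, 0, tzinfo=UTC), ["example.com", "www.example.com"]),
    (datetime(2017, 1, 4, 10, 0, tzinfo=UTC), ["WWW.Example.com", "example.com"]),
    (datetime(2017, 1, 5, 10, 0, tzinfo=UTC), ["www.example.com", "example.com"]),
    (datetime(2017, 1, 6, 10, 0, tzinfo=UTC), ["example.com", "WWW.EXAMPLE.COM"]),
]
NOW = datetime(2017, 1, 7, 12, 0, tzinfo=UTC)

if __name__ == "__main__":
    same = ["www.example.com", "example.com"]
    wider = ["www.example.com", "example.com", "test.example.com"]
    print("same names :", duplicate_budget(HISTORY, same, NOW))
    print("wider names:", duplicate_budget(HISTORY, wider, NOW))
```

Reordering or re-capitalizing the names does not produce a new set, while the three-name request from the last comment does and is counted separately.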