Should delete cached certificate on revoke #734

Closed
sajxe opened this issue Feb 3, 2018 · 4 comments

@sajxe

sajxe commented Feb 3, 2018

Client version: Software version 198.2.6594.21512 (RELEASE)
Windows version: IIS version 7.5, Windows Server 2008, 1 shared IP

Steps that were taken:
I managed to successfully create a certificate for a domain and two subdomains, but I revoked it by mistake.
I deleted the cert from Personal and all the https bindings in IIS but every time I try to renew or create a new cert, Win Simple re-uses this old revoked cached cert instead of getting a new one.

  • Do I need to make a new private key because of the revocation?
    (Not sure what reason Win Simple gave when it revoked the cert, but there is nothing wrong with my existing key)

  • If I delete everything in c:\programdata\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org, will Win Simple stop giving me the old revoked certificate and will it make a new private key for me automatically?

  • Would the command "letsencrypt.exe --forcerenewal" fix my problem without me having to delete the cached files?

  • I tried using the --test option and installed a test fake cert. How do I remove it when I want to try to create a real cert again? Do I just delete it from My/Personal and change the cert in the Bindings/Edit dropdown in IIS?

Thanks very much for any help you can give.

@WouterTinus
Member

  1. A new key pair is generated automatically when a new certificate is requested; you don't have to do anything for that.
  2. Yes
  3. Yes
  4. Yes

Seems like your intuition is pretty good :)

WouterTinus changed the title from "Win Simple keeps re-using old revoked certificate, unable to create new cert" to "Should delete cached certificate on revoke" on Feb 3, 2018
@WouterTinus
Member

Going to mark this as a bug because it obviously shouldn't happen in the first place.

@sajxe
Author

sajxe commented Feb 3, 2018

Great! I will try to make a new cert again this weekend and see if it works, thank you so much!

Update: I deleted all the files in the cache, all the existing https bindings in IIS, and the test cert in My/Personal, then I ran win-simple again. Everything went very smoothly and my new cert was issued with no problems. Thank you very much once again for all your help! :)

WouterTinus added a commit that referenced this issue Feb 12, 2018
@WouterTinus
Member

The bug will be fixed in the next release, thanks for using LEWS and helping to make it better by providing feedback!
