Let's Encrypt: Revoke or re-issue new certificate after changing host name!

Greetings!

I was trying to avoid posting here but alas I am stuck and haven’t been able to find much information posted on the topic.

I originally set up HA to use duckdns and a Let’s Encrypt certificate, but recently changed HA to use my own domain. After changing the configuration I attempted to start the Let’s Encrypt addon with the details of my own domain; however, I keep getting the log message that my certificate is valid until a date almost 3 months in the future.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /data/letsencrypt/renewal/hass.home.mrlb.com.au.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:

  • /data/letsencrypt/live/hass.home.mrlb.com.au/fullchain.pem expires on 2019-08-03 (skipped)*
    No renewals were attempted.

I have attempted to delete the fullchain.pem and privkey.pem in /ssl via samba. However, after I run the Let’s Encrypt addon it recreates these files with the current date/time.

The logs mentioned the fullchain.pem located in another location, /data/letsencrypt/live/hass.home.mrlb.com.au/fullchain.pem; however, when I SSH to hassio via root login the directory /data/letsencrypt either is hidden or does not exist. I thought I would attempt to delete this file.

I have read certbot can be used to revoke / renew certificates with HA; however, I believe this may not be a feature of hassio.

I’d really appreciate some pointers if anyone has any.

Many thanks.

I find it strange no one else has had the issue before.
I might do a backup, re-install hass, then restore everything but SSL, then try again.

Did you figure this out? I am trying to do the same thing.

I have the exact same problem. I cannot find how to remove old certs that have different host name/domain names.

Did anyone find a solution?
For testing I made some certificates, for example:

test2.domain.com
homeassistant.domain.com
But now HA chooses the certificate randomly.

Bump

I still can’t find a good way to do this.
From what I understand I need to revoke the old certificate, then issue a new one with the correct domain name.

certbot revoke --cert-path /etc/letsencrypt/archive/${YOUR_DOMAIN}/cert1.pem

I believe the Let’s Encrypt addon runs certbot. Is there a way I can use it to revoke the incorrect cert?
Or do I have to install my own certbot somewhere and give it access to the private key for revocation?

I had a similar problem where I wanted to test a change made for auto-renewal. The only way I could get the Addon to re-create it whilst ignoring the (still valid) existing one was to re-install the Addon. I copied the YAML config from the Addon page directly, uninstalled, reinstalled and put back my config. Then, as I started it, it created my new cert. I had to restart HA as I think the old cert was still cached (most likely by Nginx?) and voila.

What about certbot delete --cert-name example.com from this:
https://eff-certbot.readthedocs.io/en/latest/using.html#deleting-certificates
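An added example, not part of any post above and not the add-on's own code: a dry-run helper that scans a certbot config directory for lineages other than the one to keep and prints the `certbot revoke` and `certbot delete` commands discussed in the thread, without running them. It assumes the add-on's config directory is the `/data/letsencrypt` path shown in the log and that it is passed with `--config-dir`; the function names and the sample lineages (taken from the test names mentioned above) are constructed for illustration.

```shell
#!/bin/sh
# Dry run: print (never execute) the cleanup commands for stale lineages.
# Assumption: $1 is certbot's config dir (the log above shows /data/letsencrypt
# inside the add-on container); $2 is the one lineage name to keep.
plan_cleanup() {
    config_dir=$1
    keep=$2
    for conf in "$config_dir"/renewal/*.conf; do
        [ -e "$conf" ] || continue              # glob matched nothing
        name=$(basename "$conf" .conf)          # lineage name = file name
        if [ "$name" = "$keep" ]; then
            continue
        fi
        # Each renewal file records the lineage's own paths as "cert = ...".
        cert=$(sed -n 's/^cert[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
        if [ -n "$cert" ]; then
            # Revoke first, keeping the files so the delete step is explicit.
            printf "certbot revoke --config-dir '%s' --cert-path '%s' --no-delete-after-revoke\n" \
                "$config_dir" "$cert"
        fi
        printf "certbot delete --config-dir '%s' --cert-name '%s'\n" \
            "$config_dir" "$name"
    done
}

# Constructed sample: a throwaway config dir holding two lineages.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/renewal"
for n in test2.domain.com homeassistant.domain.com; do
    printf 'cert = %s/live/%s/cert.pem\n' "$demo_dir" "$n" \
        > "$demo_dir/renewal/$n.conf"
done
plan_cleanup "$demo_dir" homeassistant.domain.com
rm -rf "$demo_dir"
```

The printed commands would have to be run where the add-on's certbot and its `/data` directory are reachable, which is the open question in the posts above; `certbot certificates --config-dir <dir>` lists the lineages certbot itself knows about.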