FAQ: Action Required (Let's Encrypt Revoked Certificates)

If you have received an email from Let’s Encrypt informing you of the need to urgently renew your certificates:

  • If only some certs are affected using the UI to go to the specific managed certificate and click ‘Request Certificate’ to renew.
  • If many certs are affected:
    • Users of v4.1.8 onwards can Ctrl+Click Renew All to force renewal of all managed certificated.
    • Users of v4.1.7 and lower can change the renewal interval days under Settings to 1, the hit Renew All, then set the renewal interval back to at least 30 days.

This thread will be updated if any updates are released for Certify The Web which help with this process.

Before attempting to renew your certificates, first check a sample of your domains using the following tool:

If your domains are not affected (their certificates have renewed since the problem was fixed by Let’s Encrypt) then there is no further action required.

A new release v4.1.8 is now available for download. Users can Ctrl+Click on Renew All to force renewal even for certificates which are not yet due for renewal.

@webprofusion I have a question their is a option to use the Ctrl+Click on renew all to use this actoin via CLI or even via powershell ?
I am actualy working to automate the renew of the certificat for some clients exemple :
Every 60 days at 6am I have to renew and apply this certif to RAS so I have to restart the service and I don’t want it to renew on the day it will interrupt the connection.

Best regards,

@Anthony that option does exists (to force renew all) but that’s not the best approach (it’s perhaps ok if you just have a couple of certificates). If you wanted to basically control renewal manually you can uncheck Certificate > Advanced > General Options > Enable Auto Renewal.

The better approach is to let the certificate auto renew (a new cert if requested and stored) but set the deployment task (in v5 or higher) Trigger to Manual. You can then either run the deployment of the latest certificate on demand via the UI or scripted as a scheduled task that you create and manage yourself.


Thanks to the reply, I actually did a script who will run a check of the certificate and delete the oldest one. Then apply the lastest certificate with RAS deployement everything in Manual.
Everything seems to work now.

Have a nice day.

Best regards,

Ok, Certify does have a certificate store cleanup preference under Settings.

You’re entitled to work in the way you feel most comfortable but I think you’re fighting the against the system that’s been provided for you a little :slight_smile: - as long as it works for you it’s all good.

Yes, I know and I was working with it too but they were some problems with the delete of the certificate some times and the deploy RAS who was appli not the right certificate.
So I prefered to be sure it will be only one certificate with the same name.
I cannot setup the delete after the renewal because I apply the new certificate one day after the renew to be sure it has been renew before the apply.
But thanks for your help !
I will continue to be in touch with the update and new features.

1 Like