LetsEncrypt Certificate Revoked

With CONCOURSE_ENABLE_LETS_ENCRYPT set, Concourse uses cert manager to automatically configure TLS certificates via Let's Encrypt/ACME. The certificate is stored in a database cache and is not replaced until it expires. This means the certificate is not rotated when it is revoked.

To rotate a revoked certificate before its formal expiry date, clear Concourse's database cache as follows:

psql -h my-postgresql.host.com -U dbmasteruser -d my_concourse_db
Password for user dbmasteruser:
psql (12.9 (Ubuntu 12.9-0ubuntu0.20.04.1), server 12.7)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
my_concourse_db=> SELECT cert, nonce FROM cert_cache WHERE domain = 'example.com';
my_concourse_db=> DELETE FROM cert_cache WHERE domain = 'example.com';

and restart the UI.
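To confirm that the restart actually produced a new certificate, compare the fingerprint the server presents before and after the procedure. The script below is an added example, not part of Concourse or the original page; the function names are hypothetical, and it assumes you recorded the old certificate's SHA-256 fingerprint from the live endpoint before running the DELETE.

```python
import hashlib
import socket
import ssl
import time


def fingerprint(pem: str) -> str:
    """SHA-256 of the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_served_cert(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return the leaf certificate the server presents, as PEM.

    Verification is off on purpose: this only identifies which certificate
    is on the wire, and must still work while the old one is being served.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def wait_for_rotation(old_fp, fetch, attempts=30, delay=10.0):
    """Poll fetch() until the served fingerprint differs from old_fp.

    Returns the new fingerprint, or None if it never changed.
    """
    for attempt in range(attempts):
        try:
            new_fp = fingerprint(fetch())
            if new_fp != old_fp:
                return new_fp
        except (OSError, ValueError):
            pass  # still restarting, or no usable certificate served yet
        if attempt < attempts - 1:
            time.sleep(delay)
    return None


if __name__ == "__main__":
    import sys
    host = sys.argv[1]
    old_fp = sys.argv[2].lower().replace(":", "")
    new_fp = wait_for_rotation(old_fp, lambda: fetch_served_cert(host))
    print(f"rotated, now serving {new_fp}" if new_fp else "still serving the old certificate")
    sys.exit(0 if new_fp else 1)
```

Run it with the hostname and the old fingerprint as arguments; a non-zero exit status means the endpoint is still presenting the certificate you intended to replace.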