Force Let's Encrypt to replace StartCom certificates?


I’ve got a mix of StartCom SSL and Let’s Encrypt certificates on my box. Seems StartCom certificates now generate a hard error (NET::ERR_CERT_AUTHORITY_INVALID) in Chrome. They still work in Firefox.

Is there a way to force replacement of the StartCom certificates with Let’s Encrypt? The admin web page only generates a new CSR.

And management/ says “no need to replace”.


PS: Here are some details about Google revoking the WoSign and StartCom CA:


I believe you can do:
./management/ --force

That --force flag will likely do what you need.


How much is StartCom?
Were you able to replace Let’s Encrypt?
My Let’s Encrypt provision is broken with no way of fixing unless I blow away MIAB and start over.
Is there a workaround for management/


Thanks, that mostly did the job.


I’ve seen the “./management/ --force” suggestion in a few places and it is not working for me. (See the following.) Any suggestions? My guess is that for my particular situation, there is a bug in

$ sudo ./management/ --force
Traceback (most recent call last):
  File "./management/", line 807, in <module>
  File "./management/", line 450, in provision_certificates_cmdline
    status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
  File "./management/", line 337, in provision_certificates
  File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/", line 64, in issue_certificate
    agree_to_tos_url, validation_method, acme_server, logger)
  File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/", line 112, in validate_domain_ownership
  File "/usr/local/lib/python3.4/dist-packages/free_tls_certificates/", line 317, in create_client
    client = acme.client.Client(acme_server, key)
  File "/usr/local/lib/python3.4/dist-packages/acme/", line 63, in __init__
  File "/usr/local/lib/python3.4/dist-packages/acme/", line 624, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/local/lib/python3.4/dist-packages/acme/", line 606, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/requests/", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.4/dist-packages/requests/", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/requests/", line 423, in send
  File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/", line 594, in urlopen
  File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/", line 350, in _make_request
  File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/", line 835, in _validate_conn
  File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/", line 311, in connect
  File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/util/", line 267, in create_urllib3_context
    context.set_ciphers(ciphers or DEFAULT_CIPHERS)
  File "/usr/local/lib/python3.4/dist-packages/requests/packages/urllib3/contrib/", line 385, in set_ciphers
TypeError: must be str, not bytes