Technically, because Let's Encrypt always publishes all requested certificates to the logs (this isn't mandatory, it's just easier for most people so Let's Encrypt always does this) your tool can go look in the logs to get the certificate. You do need to know your private key, nobody else ever knew that so if you don't have that then you're done.
X509 certificates published in CT logs are "pre-certificates". They contains a poison extension so you don't be able to use them with your private key.
The final certificate (without poison and with SCT proof) is usually not published in any CT logs but you can submit it yourself if you wish.
tialaramex|11 days ago
plagiat0r|10 days ago
The final certificate (without poison and with SCT proof) is usually not published in any CT logs but you can submit it yourself if you wish.
xyzzy_plugh|11 days ago