To request that a certificate be revoked, the client sends a POST request to the ACME server's revoke-cert URI. The body of the POST is a JWS object whose JSON payload contains the certificate to be revoked:

certificate (required, string): The certificate to be revoked, in the base64url-encoded version of the DER format. (Note: This field uses the same modified Base64 encoding rules used elsewhere in this document, so it is different from PEM.)

    POST /acme/revoke-cert HTTP/1.1
    Host: example.com

    {
      "resource": "revoke-cert",
      "certificate": "MIIEDTCCAvegAwIBAgIRAP8..."
    }
    /* Signed as JWS */

Revocation requests are different from other ACME requests in that they can be signed either with an account key pair or the key pair in the certificate. Before revoking a certificate, the server MUST verify that the key used to sign the request is authorized to revoke the certificate. The server SHOULD consider at least the following keys authorized for a given certificate:

- the public key in the certificate.
- an account key that is authorized to act for all of the identifier(s) in the certificate.

If the revocation succeeds, the server responds with status code 200 (OK). If the revocation fails, the server returns an error.
We probably want to use something like https://crt.sh [1] to search for all non-expired certs of a given domain.

Then:

    for i in non_expired_domains:
        download cert, i
        get public-key from cert
        revoke(i) using public-key
https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-6.6
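
The `certificate` field in the draft text quoted above is unpadded base64url over the DER bytes, not PEM. As an added example (not part of the original issue or the project's code), the Python below converts a PEM certificate into the revoke-cert payload and shows a strict decode that refuses PEM or standard Base64 input. The function names are hypothetical, the sample is a constructed DER-shaped blob rather than a real certificate, and JWS signing is left out.

```python
import base64
import json
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def b64url(data: bytes) -> str:
    """Base64url with trailing '=' stripped (the unpadded JWS form)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and line breaks, return the raw DER bytes."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def revoke_payload(pem: str) -> str:
    """JSON payload of the revocation request (JWS signing not shown)."""
    return json.dumps({"resource": "revoke-cert", "certificate": b64url(pem_to_der(pem))})

def decode_certificate_field(value: str) -> bytes:
    """Strict decode of the field, refusing PEM and standard Base64."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", value):
        raise ValueError("not unpadded base64url (PEM armor, '=', '+' or '/')")
    der = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    # A certificate is one DER SEQUENCE (tag 0x30) spanning the whole value.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0  # number of long-form length bytes
    if der[1] == 0x80 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    body_len = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + body_len != len(der):
        raise ValueError("DER length does not match the data")
    return der

# Constructed sample: a DER-shaped blob, NOT a real certificate.
_BODY = b"\x00\x00\xfb\xff\xfe" + bytes(range(256))
SAMPLE_DER = b"\x30\x82" + len(_BODY).to_bytes(2, "big") + _BODY
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(revoke_payload(SAMPLE_PEM))
```

The sample bytes are chosen so that standard Base64 would emit `+`, `/` and `=`, which is exactly the input the strict decoder rejects.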