mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-23 22:27:38 -05:00
letsencrypt: Revoke certificate
This commit is contained in:
Matthew Holt
parent
c626774da2
commit
a16beb98de
2 changed files with 45 additions and 6 deletions
|
|
@ -419,6 +419,41 @@ func getNextRenewalShedule() (int, error) {
|
|||
return hoursSinceRenew, nil
|
||||
}
|
||||
|
||||
// Revoke revokes the certificate for host via ACME protocol.
|
||||
func Revoke(host string) error {
|
||||
if !existingCertAndKey(host) {
|
||||
return errors.New("no certificate and key for " + host)
|
||||
}
|
||||
|
||||
email := getEmail(server.Config{Host: host})
|
||||
if email == "" {
|
||||
return errors.New("email is required to revoke")
|
||||
}
|
||||
|
||||
client, err := newClient(email)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
certFile := storage.SiteCertFile(host)
|
||||
certBytes, err := ioutil.ReadFile(certFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = client.RevokeCertificate(certBytes)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = os.Remove(certFile)
|
||||
if err != nil {
|
||||
return errors.New("certificate revoked, but unable to delete certificate file: " + err.Error())
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
var (
|
||||
// Let's Encrypt account email to use if none provided
|
||||
DefaultEmail string
|
||||
|
|
@ -455,9 +490,3 @@ const (
|
|||
// This shouldn't need to change except for in tests;
|
||||
// the size can be drastically reduced for speed.
|
||||
var rsaKeySizeToUse = RSA_2048
|
||||
|
||||
// CertificateMeta is a container type used to write out a file
|
||||
// with information about a certificate.
|
||||
type CertificateMeta struct {
|
||||
Domain, URL string
|
||||
}
|
||||
|
|
|
|||
10
main.go
10
main.go
|
|
@ -23,6 +23,7 @@ var (
|
|||
conf string
|
||||
cpu string
|
||||
version bool
|
||||
revoke string
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
|
@ -36,6 +37,7 @@ func init() {
|
|||
flag.BoolVar(&version, "version", false, "Show version")
|
||||
flag.BoolVar(&letsencrypt.Agreed, "agree", false, "Agree to Let's Encrypt Subscriber Agreement")
|
||||
flag.StringVar(&letsencrypt.DefaultEmail, "email", "", "Default email address to use for Let's Encrypt transactions")
|
||||
flag.StringVar(&revoke, "revoke", "", "Hostname for which to revoke the certificate")
|
||||
}
|
||||
|
||||
func main() {
|
||||
|
|
@ -45,6 +47,14 @@ func main() {
|
|||
fmt.Printf("%s %s\n", app.Name, app.Version)
|
||||
os.Exit(0)
|
||||
}
|
||||
if revoke != "" {
|
||||
err := letsencrypt.Revoke(revoke)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
fmt.Printf("Revoked certificate for %s\n", revoke)
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
// Set CPU cap
|
||||
err := app.SetCPU(cpu)
|
||||
|
|
|
|||
Loading…
Reference in a new issue