From a16beb98de580d91f3c6e5621b32a6fade2014ab Mon Sep 17 00:00:00 2001
From: Matthew Holt <Matthew.Holt+git@gmail.com>
Date: Wed, 21 Oct 2015 00:09:45 -0600
Subject: [PATCH] letsencrypt: Revoke certificate

---
 config/letsencrypt/letsencrypt.go | 41 ++++++++++++++++++++++++++-----
 main.go                           | 10 ++++++++
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/config/letsencrypt/letsencrypt.go b/config/letsencrypt/letsencrypt.go
index 4f33cf74..fed137ad 100644
--- a/config/letsencrypt/letsencrypt.go
+++ b/config/letsencrypt/letsencrypt.go
@@ -419,6 +419,41 @@ func getNextRenewalShedule() (int, error) {
 	return hoursSinceRenew, nil
 }
 
+// Revoke revokes the certificate for host via ACME protocol.
+func Revoke(host string) error {
+	if !existingCertAndKey(host) {
+		return errors.New("no certificate and key for " + host)
+	}
+
+	email := getEmail(server.Config{Host: host})
+	if email == "" {
+		return errors.New("email is required to revoke")
+	}
+
+	client, err := newClient(email)
+	if err != nil {
+		return err
+	}
+
+	certFile := storage.SiteCertFile(host)
+	certBytes, err := ioutil.ReadFile(certFile)
+	if err != nil {
+		return err
+	}
+
+	err = client.RevokeCertificate(certBytes)
+	if err != nil {
+		return err
+	}
+
+	err = os.Remove(certFile)
+	if err != nil {
+		return errors.New("certificate revoked, but unable to delete certificate file: " + err.Error())
+	}
+
+	return nil
+}
+
 var (
 	// Let's Encrypt account email to use if none provided
 	DefaultEmail string
@@ -455,9 +490,3 @@ const (
 // This shouldn't need to change except for in tests;
 // the size can be drastically reduced for speed.
 var rsaKeySizeToUse = RSA_2048
-
-// CertificateMeta is a container type used to write out a file
-// with information about a certificate.
-type CertificateMeta struct {
-	Domain, URL string
-}
diff --git a/main.go b/main.go
index d194aef1..2d4c4a03 100644
--- a/main.go
+++ b/main.go
@@ -23,6 +23,7 @@ var (
 	conf    string
 	cpu     string
 	version bool
+	revoke  string
 )
 
 func init() {
@@ -36,6 +37,7 @@ func init() {
 	flag.BoolVar(&version, "version", false, "Show version")
 	flag.BoolVar(&letsencrypt.Agreed, "agree", false, "Agree to Let's Encrypt Subscriber Agreement")
 	flag.StringVar(&letsencrypt.DefaultEmail, "email", "", "Default email address to use for Let's Encrypt transactions")
+	flag.StringVar(&revoke, "revoke", "", "Hostname for which to revoke the certificate")
 }
 
 func main() {
@@ -45,6 +47,14 @@ func main() {
 		fmt.Printf("%s %s\n", app.Name, app.Version)
 		os.Exit(0)
 	}
+	if revoke != "" {
+		err := letsencrypt.Revoke(revoke)
+		if err != nil {
+			log.Fatal(err)
+		}
+		fmt.Printf("Revoked certificate for %s\n", revoke)
+		os.Exit(0)
+	}
 
 	// Set CPU cap
 	err := app.SetCPU(cpu)