mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-23 22:27:38 -05:00
letsencrypt: Revoke certificate
This commit is contained in:
Matthew Holt
parent
c626774da2
commit
a16beb98de
2 changed files with 45 additions and 6 deletions
|
|
@ -419,6 +419,41 @@ func getNextRenewalShedule() (int, error) {
|
||||||
return hoursSinceRenew, nil
|
return hoursSinceRenew, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Revoke revokes the certificate for host via ACME protocol.
|
||||||
|
func Revoke(host string) error {
|
||||||
|
if !existingCertAndKey(host) {
|
||||||
|
return errors.New("no certificate and key for " + host)
|
||||||
|
}
|
||||||
|
|
||||||
|
email := getEmail(server.Config{Host: host})
|
||||||
|
if email == "" {
|
||||||
|
return errors.New("email is required to revoke")
|
||||||
|
}
|
||||||
|
|
||||||
|
client, err := newClient(email)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
certFile := storage.SiteCertFile(host)
|
||||||
|
certBytes, err := ioutil.ReadFile(certFile)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
err = client.RevokeCertificate(certBytes)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
err = os.Remove(certFile)
|
||||||
|
if err != nil {
|
||||||
|
return errors.New("certificate revoked, but unable to delete certificate file: " + err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// Let's Encrypt account email to use if none provided
|
// Let's Encrypt account email to use if none provided
|
||||||
DefaultEmail string
|
DefaultEmail string
|
||||||
|
|
@ -455,9 +490,3 @@ const (
|
||||||
// This shouldn't need to change except for in tests;
|
// This shouldn't need to change except for in tests;
|
||||||
// the size can be drastically reduced for speed.
|
// the size can be drastically reduced for speed.
|
||||||
var rsaKeySizeToUse = RSA_2048
|
var rsaKeySizeToUse = RSA_2048
|
||||||
|
|
||||||
// CertificateMeta is a container type used to write out a file
|
|
||||||
// with information about a certificate.
|
|
||||||
type CertificateMeta struct {
|
|
||||||
Domain, URL string
|
|
||||||
}
|
|
||||||
|
|
|
||||||
10
main.go
10
main.go
|
|
@ -23,6 +23,7 @@ var (
|
||||||
conf string
|
conf string
|
||||||
cpu string
|
cpu string
|
||||||
version bool
|
version bool
|
||||||
|
revoke string
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|
@ -36,6 +37,7 @@ func init() {
|
||||||
flag.BoolVar(&version, "version", false, "Show version")
|
flag.BoolVar(&version, "version", false, "Show version")
|
||||||
flag.BoolVar(&letsencrypt.Agreed, "agree", false, "Agree to Let's Encrypt Subscriber Agreement")
|
flag.BoolVar(&letsencrypt.Agreed, "agree", false, "Agree to Let's Encrypt Subscriber Agreement")
|
||||||
flag.StringVar(&letsencrypt.DefaultEmail, "email", "", "Default email address to use for Let's Encrypt transactions")
|
flag.StringVar(&letsencrypt.DefaultEmail, "email", "", "Default email address to use for Let's Encrypt transactions")
|
||||||
|
flag.StringVar(&revoke, "revoke", "", "Hostname for which to revoke the certificate")
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
|
@ -45,6 +47,14 @@ func main() {
|
||||||
fmt.Printf("%s %s\n", app.Name, app.Version)
|
fmt.Printf("%s %s\n", app.Name, app.Version)
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
|
if revoke != "" {
|
||||||
|
err := letsencrypt.Revoke(revoke)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
fmt.Printf("Revoked certificate for %s\n", revoke)
|
||||||
|
os.Exit(0)
|
||||||
|
}
|
||||||
|
|
||||||
// Set CPU cap
|
// Set CPU cap
|
||||||
err := app.SetCPU(cpu)
|
err := app.SetCPU(cpu)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue