ACMEv2 unable to revoke using account key

Per the draft 9 spec, “The server MUST consider at least the following accounts authorized for a given certificate: the account that issued the certificate.”

However, using the acmev2 staging server, if I revoke using that account, I get a 403 with the detail of “JWK embedded in revocation request must be the same public key as the cert to be revoked”.

Looks like you might need to use the kid method if the signer is the ACME Account Key, whereas JWK is used when the signer is the Certificate Private Key.

That’s correct. Thanks!

Ok, I see. I wonder if the “jwk” bullet point in section 6.2 should be clarified. Thanks for the clarification.
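
The distinction worked out in this thread, as an added example that is not part of the original posts and is not any ACME server's or client's own code: it builds the protected header for a revocation request both ways and models the server-side authorization decision. Assumptions: the URLs, nonces, key values and function names are constructed for illustration, the JWS signature is taken to have verified already, and the server model only covers the issuing account and the certificate key.

```python
import base64, hashlib, json

# Members that define a key's identity (RFC 7638 thumbprint inputs).
_REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint, so keys compare equal regardless of extra members."""
    canonical = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    data = json.dumps(canonical, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=").decode()

def revocation_header(url, nonce, alg, *, kid=None, jwk=None):
    """Protected header for a revocation JWS; "kid" and "jwk" are mutually exclusive."""
    if (kid is None) == (jwk is None):
        raise ValueError("exactly one of kid or jwk must be set")
    header = {"alg": alg, "nonce": nonce, "url": url}
    if kid is not None:
        header["kid"] = kid      # signer is the ACME account key
    else:
        header["jwk"] = jwk      # signer is the certificate's private key
    return header

def authorize_revocation(header, cert_jwk, issuing_account):
    """Hypothetical model of the server decision (signature assumed already verified)."""
    if "jwk" in header:
        if jwk_thumbprint(header["jwk"]) != jwk_thumbprint(cert_jwk):
            # Detail text as quoted in the thread.
            return 403, "JWK embedded in revocation request must be the same public key as the cert to be revoked"
        return 200, "revoked (certificate key)"
    if header.get("kid") == issuing_account:
        return 200, "revoked (issuing account)"
    return 403, "account not authorized for this certificate"  # constructed detail text

# Constructed sample values (not real keys or URLs).
ACCOUNT_URL = "https://acme.example/acct/1"
REVOKE_URL = "https://acme.example/revoke-cert"
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "YWNjb3VudC14", "y": "YWNjb3VudC15"}
CERT_JWK = {"kty": "EC", "crv": "P-256", "x": "Y2VydC14", "y": "Y2VydC15"}

# The failing request from the thread: account key sent as an embedded JWK.
wrong = revocation_header(REVOKE_URL, "nonce-1", "ES256", jwk=ACCOUNT_JWK)
# The fix: same signer, but identified by its account URL in "kid".
right = revocation_header(REVOKE_URL, "nonce-2", "ES256", kid=ACCOUNT_URL)

if __name__ == "__main__":
    for hdr in (wrong, right):
        print(authorize_revocation(hdr, CERT_JWK, ACCOUNT_URL))
```
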
