I testing the revoke command.
The documentation states:
Once a certificate is revoked (or for other certificate management tasks), all of a certificate’s relevant files can be removed from the system with the delete subcommand:
Note the key phrase here 'can be removed'. This suggests that the revoke command doesn't delete files.
The following Note reinforces that impression.
If you don’t use delete to remove the certificate completely, it will be renewed automatically at the next renewal event.
If you run the cmd line help you get:
--delete-after-revoke Delete certificates after revoking them, along with all previous and later versions of those certificates. (default: None) --no-delete-after-revoke Do not delete certificates after revoking them. This option should be used with caution because the 'renew' subcommand will attempt to renew undeleted revoked certificates. (default: None)
You will note that neither of these default to enabled.
Given that neither is enabled and the both do opposite actions (the first deletes files the second doesn't delete files) then what is the default action meant to be?
It appears that the default action is to actually delete files which contradicts the documentation.