Hey there, is there a workflow for authorization revocation?
I’m currently facing the following problem:
Bob has registered the domain example.com - he also made a Let’s Encrypt account, solved the challenge and got a certificate for the domain. His authorization is valid till 01.01.2016, so he can request/reissue as many certificates as he wants for the domain example.com.
Now Bob transfers the domain example.com to Alice. Alice buys a new certificate from another CA.
Is it correct that Bob can still reissue new certificates for example.com even if he lost control over the domain, and Alice has no chance to invalidate Bob’s authentication resource? Even if Alice created a Let’s Encrypt account and solved the challenges, Bob’s authentication wouldn’t be invalidated till it expires?