Revoke with newly-registered account (v2 API)

Hi

I am using the v2 API and want to understand the options to revoke a certificate with a newly-registered account.

Here is the complete use case:
I register account-1
I issue certificate-1
I deactivate account-1
I register account-2
I want to revoke certificate-1 with account-2 => what options do I have here?

I could make this work via v1 since the new-authz endpoint allows the authorisation for newly-registered accounts.

Thanks,
Marius

To perform the same process in ACME v2, you create a new order, perform the authorizations, but don’t finalize the order. This avoids creating a new certificate but entitles the account the revoke the previous certificate.

Then you can use the account to revoke the certificate.

I wrote a web-based tool that does this because I couldn’t find any ACME clients (at the time) that made this simple to do (or ones that support revocation based on the certificate private key).

2 Likes

Thanks for the suggested solution - I see no reason why this wouldn’t work for me as well.

1 Like