I am using the v2 API and want to understand the options to revoke a certificate with a newly-registered account.
Here is the complete use case:
I register account-1
I issue certificate-1
I deactivate account-1
I register account-2
I want to revoke certificate-1 with account-2 => what options do I have here?
I could make this work via v1 since the new-authz endpoint allows the authorisation for newly-registered accounts.
To perform the same process in ACME v2, you create a new order, perform the authorizations, but don’t finalize the order. This avoids creating a new certificate but entitles the account the revoke the previous certificate.
Then you can use the account to revoke the certificate.
I wrote a web-based tool that does this because I couldn’t find any ACME clients (at the time) that made this simple to do (or ones that support revocation based on the certificate private key).