https://letsencrypt.org/docs/revoking/ is not talking about it
The ACME protocol seems to implement it: https://tools.ietf.org/html/draft-ietf-acme-acme-04#page-42
Hi @tdelmas,
“Is it possible” - yes. As you mention, the ACME revocation resource allows specifying a reason code. The important thing to note with respect to Let’s Encrypt is that Boulder only allows a subset of reason codes to be specified by the user.
“Is it useful” - I’m not personally sure what relying parties that check OCSP are likely to do with the revocation reason. I suspect not very much.
Thanks @cpu !
And it looks like it’s implemented by certbot, I guess it’s just not documented: https://github.com/certbot/certbot/blob/master/tests/boulder-integration.sh#L276
It’s not documented there: https://certbot.eff.org/docs/using.html?highlight=revoke#revoking-certificates
Edit: It’s documented there: https://github.com/certbot/certbot/blob/master/docs/cli-help.txt#L306
It looks like while it isn't documented in the usage section, it is documented in the command line flags section:
    --reason {keycompromise,affiliationchanged,superseded,unspecified,cessationofoperation}
        Specify reason for revoking certificate. (default: 0)
@schoen @swartzcr Do you think the --reason flag should also be documented in the revocation usage part of the manual? I also wonder if the "(default: 0)" in the command line flags documentation should be written as "(default: keycompromise)" - I'm not sure what "0" maps to in this case.
Edit: Oops! Looks like you edited your answer right at the same time I was posting this. Jinx!
I made a PR for this which should change what the listed default is and add a short section to the docs about it: https://github.com/certbot/certbot/pull/4987
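The reason code discussed in this thread, shown as an added example that is not part of any post above and is not certbot or Boulder code: it maps the reason names listed for certbot's --reason flag to their numeric CRLReason values from RFC 5280 section 5.3.1 and builds the revocation payload that a client would sign. Assumptions: the field names "certificate" and "reason" follow RFC 8555 section 7.6 (the published form of the ACME draft linked above), and the helper names and the default used here are hypothetical.

```python
import base64
import json

# CRLReason values from RFC 5280 section 5.3.1, limited to the names that
# certbot's --reason flag lists in the thread above.
CERTBOT_REASONS = {
    "unspecified": 0,
    "keycompromise": 1,
    "affiliationchanged": 3,
    "superseded": 4,
    "cessationofoperation": 5,
}


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and decode the base64 body to DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN CERTIFICATE-----" or lines[-1] != "-----END CERTIFICATE-----":
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses for binary fields."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_revocation_payload(cert_pem: str, reason: str = "unspecified") -> str:
    """Return the JSON payload (before JWS signing) for an ACME revocation."""
    key = reason.lower()
    if key not in CERTBOT_REASONS:
        raise ValueError(f"reason {reason!r} is not one of {sorted(CERTBOT_REASONS)}")
    payload = {"certificate": b64url(pem_to_der(cert_pem)), "reason": CERTBOT_REASONS[key]}
    return json.dumps(payload, sort_keys=True)


# Constructed input: placeholder bytes wrapped in PEM armour, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0xFB])
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode("ascii")
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(build_revocation_payload(SAMPLE_PEM, "superseded"))
```

In RFC 5280 numbering, 0 is "unspecified" and 1 is "keyCompromise"; a name outside the listed set, such as certificateHold, is rejected before any request is built.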