Status of revoked certificate

I am developing a platform for certificate management using the Let's Encrypt APIs. As per the community suggestions, I am not storing the certificate private key in the database.
Now, I have a certificate issued and revoked. Now, for example, the client wishes to issue a certificate again. I am issuing the certificate only if the order status is pending. Otherwise, the client may try to issue multiple certificates, which would be a problem during billing.

If the certificate is revoked, the order status is still in valid state and I am unable to issue the certificate for the revoked identifier. Is there a way to get around it?

These are my revoked order details:

    {
      "status": "valid",
      "expires": "2024-01-10T05:45:31Z",
      "identifiers": [
        {
          "type": "dns",
          "value": "toolsguruhub.com"
        }
      ],
      "authorizations": [
        "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/10401692324"
      ],
      "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/130963334/13402823224",
      "certificate": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/2b815eabdeb96e8998aa5c387827ab8753f2"
    }

Order reuse is a thing: you'd have to manage the certificate list yourself.

2 Likes

So, there is no way to know if a certificate is revoked without calling the revoke API again?

Check the OCSP status of that certificate itself.

2 Likes

Issuing a certificate on a pending order? How's that possible?

1 Like

I mean only when status is in pending state, I am continuing with the authorisation using DNS TXT to convert status to ready and everything else. Otherwise if the status is shown valid when I am trying to create a new order for the same identifier, I am showing some message like a certificate is already issued for this identifier or something.
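
A sketch of the "manage the certificate list yourself" suggestion from the replies, added here as an example and not code from the thread or from Let's Encrypt. It keeps a local ledger so that re-issue and billing decisions do not depend on the order status, which stays `valid` after revocation. The table, column and function names are assumptions, and the sample URL and dates are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Hypothetical schema: one row per issued certificate. Re-issue and billing
# decisions read this table instead of the ACME order status.
SCHEMA = """CREATE TABLE IF NOT EXISTS certs (
    cert_url   TEXT PRIMARY KEY,  -- "certificate" URL from the order object
    identifier TEXT NOT NULL,     -- DNS name (one per row in this sketch)
    not_after  INTEGER NOT NULL,  -- certificate expiry, epoch seconds
    revoked_at INTEGER            -- NULL until our revoke request succeeds
)"""

def open_ledger(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def record_issued(db, cert_url, identifier, not_after):
    db.execute("INSERT INTO certs VALUES (?, ?, ?, NULL)",
               (cert_url, identifier.lower(), int(not_after.timestamp())))
    db.commit()

def record_revoked(db, cert_url, when):
    """Call after the ACME revocation request succeeds.
    Returns False for an unknown URL or an already revoked certificate."""
    cur = db.execute(
        "UPDATE certs SET revoked_at = ? WHERE cert_url = ? AND revoked_at IS NULL",
        (int(when.timestamp()), cert_url))
    db.commit()
    return cur.rowcount == 1

def may_issue(db, identifier, now):
    """True when no unrevoked, unexpired certificate covers identifier."""
    (active,) = db.execute(
        "SELECT COUNT(*) FROM certs WHERE identifier = ?"
        " AND revoked_at IS NULL AND not_after > ?",
        (identifier.lower(), int(now.timestamp()))).fetchone()
    return active == 0

if __name__ == "__main__":
    db = open_ledger()
    now = datetime(2024, 1, 3, tzinfo=timezone.utc)   # constructed sample data
    url = "https://acme.example/cert/placeholder"     # constructed, not a real URL
    record_issued(db, url, "example.com", now + timedelta(days=90))
    print(may_issue(db, "example.com", now))   # active certificate exists
    record_revoked(db, url, now)
    print(may_issue(db, "example.com", now))   # revoked, so a new order is allowed
```

The `not_after` value should come from the issued certificate itself, not from the order's `expires` field, which describes the order.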
