Commit a16beb98 authored by Matthew Holt's avatar Matthew Holt

letsencrypt: Revoke certificate

parent c626774d
...@@ -419,6 +419,41 @@ func getNextRenewalShedule() (int, error) { ...@@ -419,6 +419,41 @@ func getNextRenewalShedule() (int, error) {
return hoursSinceRenew, nil return hoursSinceRenew, nil
} }
// Revoke revokes the certificate for host via ACME protocol.
func Revoke(host string) error {
if !existingCertAndKey(host) {
return errors.New("no certificate and key for " + host)
}
email := getEmail(server.Config{Host: host})
if email == "" {
return errors.New("email is required to revoke")
}
client, err := newClient(email)
if err != nil {
return err
}
certFile := storage.SiteCertFile(host)
certBytes, err := ioutil.ReadFile(certFile)
if err != nil {
return err
}
err = client.RevokeCertificate(certBytes)
if err != nil {
return err
}
err = os.Remove(certFile)
if err != nil {
return errors.New("certificate revoked, but unable to delete certificate file: " + err.Error())
}
return nil
}
var ( var (
// Let's Encrypt account email to use if none provided // Let's Encrypt account email to use if none provided
DefaultEmail string DefaultEmail string
...@@ -455,9 +490,3 @@ const ( ...@@ -455,9 +490,3 @@ const (
// This shouldn't need to change except for in tests; // This shouldn't need to change except for in tests;
// the size can be drastically reduced for speed. // the size can be drastically reduced for speed.
var rsaKeySizeToUse = RSA_2048 var rsaKeySizeToUse = RSA_2048
// CertificateMeta is a container type used to write out a file
// with information about a certificate.
type CertificateMeta struct {
Domain, URL string
}
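Review bot: In the first hunk, `Revoke` deletes only the certificate file once `client.RevokeCertificate(certBytes)` succeeds, so the private key that `existingCertAndKey(host)` checked for stays on disk. When the reason for revoking is a suspected key compromise, that key should not remain available for reuse; whether a later issuance for the same host would pick it up again cannot be seen from this hunk and should be confirmed. Remove the key file and any other per-site assets together with the certificate. If the key is kept on purpose, say so in the doc comment, for example `// Revoke revokes the certificate for host via the ACME protocol and deletes the local certificate file; the private key is left in place.` Separately, the two bare `return err` paths after `ioutil.ReadFile` and `RevokeCertificate` lose context, so prefixing them with the host would tell the operator which step failed.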
...@@ -23,6 +23,7 @@ var ( ...@@ -23,6 +23,7 @@ var (
conf string conf string
cpu string cpu string
version bool version bool
revoke string
) )
func init() { func init() {
...@@ -36,6 +37,7 @@ func init() { ...@@ -36,6 +37,7 @@ func init() {
flag.BoolVar(&version, "version", false, "Show version") flag.BoolVar(&version, "version", false, "Show version")
flag.BoolVar(&letsencrypt.Agreed, "agree", false, "Agree to Let's Encrypt Subscriber Agreement") flag.BoolVar(&letsencrypt.Agreed, "agree", false, "Agree to Let's Encrypt Subscriber Agreement")
flag.StringVar(&letsencrypt.DefaultEmail, "email", "", "Default email address to use for Let's Encrypt transactions") flag.StringVar(&letsencrypt.DefaultEmail, "email", "", "Default email address to use for Let's Encrypt transactions")
flag.StringVar(&revoke, "revoke", "", "Hostname for which to revoke the certificate")
} }
func main() { func main() {
...@@ -45,6 +47,14 @@ func main() { ...@@ -45,6 +47,14 @@ func main() {
fmt.Printf("%s %s\n", app.Name, app.Version) fmt.Printf("%s %s\n", app.Name, app.Version)
os.Exit(0) os.Exit(0)
} }
if revoke != "" {
err := letsencrypt.Revoke(revoke)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Revoked certificate for %s\n", revoke)
os.Exit(0)
}
// Set CPU cap // Set CPU cap
err := app.SetCPU(cpu) err := app.SetCPU(cpu)
......
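Review bot: In the last hunk, the value of `-revoke` goes straight from the flag into `letsencrypt.Revoke(revoke)` with no normalisation or validation, and `Revoke` then uses it to build a file path that it reads and later removes. `storage.SiteCertFile` is not visible here, so this is hedged: if it joins the host into a path unchanged, a value containing a path separator or `..` would point the read and the `os.Remove` outside the certificate store. A cheap guard before the call would be `if strings.ContainsAny(revoke, "/\\") || strings.Contains(revoke, "..") { log.Fatal("invalid hostname for -revoke") }`, ideally duplicated inside `Revoke` since it is exported. The body of `main` continues outside the hunk.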