implement revoke

063d28a6 · Markus Germeier · Lukas Schauer · 0d7913ab · 063d28a6
Commit 063d28a6 authored Dec 07, 2015 by Markus Germeier Committed by Lukas Schauer Dec 07, 2015
Show whitespace changes
Inline Side-by-side

Showing with 24 additions and 0 deletions

letsencrypt.sh letsencrypt.sh +24 -0

No files found.
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -107,6 +107,17 @@ signed_request() {
  _request post "${1}" "${data}"
 }
+revoke_cert() {
+  cert="${1}"
+  cert64="$(openssl x509 -in "${cert}" -inform PEM -outform DER | urlbase64)"
+  response="$(signed_request "${CA}/acme/revoke-cert" '{"resource": "revoke-cert", "certificate": "'"${cert64}"'"}')"
+  # if there is a problem with our revoke request _request (via signed_request) will report this and "exit 1" out
+  # so if we are here, it is safe to assume the request was successful
+  echo " + SUCCESS"
+  echo " + renaming certificate to ${cert}-revoked"
+  mv -f "${cert}" "${cert}-revoked"
+}
 sign_domain() {
  domain="${1}"
  altnames="${*}"
@@ -255,6 +266,19 @@ if [[ ! -e "${WELLKNOWN}" ]]; then
  mkdir -p "${WELLKNOWN}"
 fi
+# revoke certificate by user request
+if [[ "${1:-}" = "revoke" ]]; then
+  if [[ -z "{2:-}" ]] || [[ ! -f "${2}" ]]; then
+    echo usage: ${0} revoke path/to/cert.pem
+    exit 1
+  fi
+  echo "Revoking ${2}"
+  revoke_cert "${2}"
+  exit 0
+fi
 # Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
 <"${DOMAINS_TXT}" sed 's/^\s*//g;s/\s*$//g' | grep -v '^#' | grep -v '^$' | while read -r line; do
  domain="$(echo "${line}" | cut -d' ' -f1)"