I am trying to revoke a LE cert that was generated with Caddy. Caddy will start fine with the cert that is there, but I can’t revoke it.
-revoke <domain>
I have run caddy with the -revoke flag and the domain I am attempting to remove. I have the key and cert information in the .caddy folder under my user.
The following is the response:
2018/04/10 12:40:44 acme: Error 403 - urn:acme:error:unauthorized - Revocation request must be signed by private key of cert to be revoked, by the account key of the account that issued it, or by the account key of an account that holds valid authorizations for all names in the certificate.
You shouldn’t need to revoke them in order to do a renewal by a different client. (Why are you switching, by the way?) It could be a bug or misconfiguration in whatever ACME client you’re now using, if it can’t get a cert.
Currently the site runs in a Docker container and I was moving it out to an nginx-based one. I have a Docker volume for the .caddy folder for the cert files. Honestly, I was just opening a forum post asking what I could be doing wrong to revoke a cert. I guess this should have been a GitHub issue then, as it seems like it’s a bug instead.
Thanks for explaining. It is a bug per se, but don’t bother opening an issue about it, since it’s known, and the reason is that the upstream library that implements it is still in development (the revoke feature is not finished yet).