Acme errors while revoking a cert

(Michael (Parker) Parker) #1

I am trying to revoke a LE cert that was generated with caddy. caddy will start fine with the cert that is there but I can’t revoke it -revoke <domain>

I have ran caddy with the -revoke flag and the domain I am attempting to remove. I have the key and cert information in the .caddy folder under my user.

The following is what is the response

2018/04/10 12:40:44 acme: Error 403 - urn:acme:error:unauthorized - Revocation request must be signed by private key of cert to be revoked, by the account key of the account that issued it, or by the account key of an account that holds valid authorizations for all names in the certificate.

(Matt Holt) #2

Hmm, I haven’t tested revocation too seriously with the ACMEv2 yet, it’s possible this needs a little polishing. :slight_smile: I’ll look into it with xenolf!

PS. Don’t revoke a certificate unless you’ve lost your private key or control over DNS.

(Michael (Parker) Parker) #3

I was revoking my cert because I was changing away from caddy. I need to revoke the certs to renew them under the new setup.

(Matt Holt) #4

You shouldn’t need to revoke them in order to do a renewal by a different client. (Why are you switching, by the way?) It could be a bug or misconfiguration in whatever ACME client you’re now using, if it can’t get a cert.