How can I get ZeroSSL certificate IDs so I can revoke them using the ZeroSSL API?

1. The problem I’m having:

I have made a mistake somehow and accidentally issued way too many certificates using ZeroSSL. I am receiving this message in their dashboard:

Note: Your account is holding more than 100 ACME certificates. For using the Dashboard or API with this amount of ACME certificates you have to upgrade at least to the ZeroSSL basic plan.

I only have ~20 subdomains that I’m using caddy to get certificates for so I simply just have way too many unneeded certificates. I would like to revoke these.

ZeroSSL requires a POST request that contains the certificate ID in order to revoke it. This is what I’m trying to retrieve.

I was able to get the X509v3 Subject Key Identifier from a certificate using openssl x509 -in -text -noout from the /data/caddy/certificates/ directory (within the docker container), but using the corresponding hash with the ZeroSSL api returned a certificate_not_found error, so I don’t even know if this is the ID I want. I tried the same thing with a few different subdomain folders with no luck.

2. Error messages and/or full log output:


3. Caddy version:


4. How I installed and ran Caddy:

Docker compose

a. System environment:

Ubuntu 23.04

b. Command:

docker compose up caddy -d

c. Service/unit/compose file:

    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
      - caddy
      - 80:80
      - 443:443
      - 443:443/udp
      - /opt/appdata/caddy/Caddyfile:/etc/caddy/Caddyfile:rw
      - /opt/appdata/caddy/site:/srv
      - /opt/appdata/caddy/data:/data/caddy
      - /opt/appdata/caddy/config:/config/caddy

d. My complete Caddy config:

    cert_issuer zerossl REDACTED
    email REDACTED
} {
    reverse_proxy example:80

# I have about 20 entries similar to the one above

5. Links to relevant resources:

Well, you should only revoke certificates if the private key has been compromised. (Or the CA should revoke them if they were misissued.) Revoking certificates unnecessarily strains the PKI.

Instead, I would simply just delete the ones you don’t need. Revoking a cert does not “un-issue” it. If your goal is to use the ZeroSSL dashboard without that banner, I would contact their support for clarification.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.