package cmd
import (
"github.com/go-acme/lego/v4/acme"
"github.com/go-acme/lego/v4/log"
"github.com/urfave/cli"
)
// createRevoke builds the definition of the "revoke" sub-command: its name,
// help text, the action that runs it and the two flags it accepts.
func createRevoke() cli.Command {
	// When set, the certificate files stay in place after revocation instead
	// of being moved to the archive.
	keepFlag := cli.BoolFlag{
		Name:  "keep, k",
		Usage: "Keep the certificates after the revocation instead of archiving them.",
	}

	// CRL reason code handed to the revocation request. The help text lists the
	// RFC 5280 codes; this definition only sets the default (unspecified) and
	// performs no range check on the value the user supplies.
	reasonFlag := cli.UintFlag{
		Name:  "reason",
		Usage: "Identifies the reason for the certificate revocation. See https://tools.ietf.org/html/rfc5280#section-5.3.1. 0(unspecified),1(keyCompromise),2(cACompromise),3(affiliationChanged),4(superseded),5(cessationOfOperation),6(certificateHold),8(removeFromCRL),9(privilegeWithdrawn),10(aACompromise)",
		Value: acme.CRLReasonUnspecified,
	}

	return cli.Command{
		Name:   "revoke",
		Usage:  "Revoke a certificate",
		Action: revoke,
		Flags:  []cli.Flag{keepFlag, reasonFlag},
	}
}
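// revoke is the action behind the "revoke" sub-command. For every domain given
// through the global "domains" flag it reads the stored ".crt" file, asks the
// ACME server to revoke that certificate with the reason code taken from the
// "reason" flag and, unless "keep" is set, moves the domain's files to the
// archive.
//
// Read and revocation failures are reported through log.Fatalf (presumably
// terminating the process, as the standard logger does), so domains after the
// failing one are not processed. An archiving failure is returned to the caller.
func revoke(ctx *cli.Context) error {
	acc, client := setup(ctx, NewAccountsStorage(ctx))

	if acc.Registration == nil {
		log.Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", acc.Email)
	}

	certsStorage := NewCertificatesStorage(ctx)
	certsStorage.CreateRootFolder()

	// The flag does not change between domains; read it once.
	keep := ctx.Bool("keep")

	for _, domain := range ctx.GlobalStringSlice("domains") {
		log.Printf("Trying to revoke certificate for domain %s", domain)

		certBytes, err := certsStorage.ReadFile(domain, ".crt")
		if err != nil {
			log.Fatalf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
		}

		// A fresh copy per iteration, because its address is handed to the client.
		reason := ctx.Uint("reason")

		err = client.Certificate.RevokeWithReason(certBytes, &reason)
		if err != nil {
			log.Fatalf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
		}

		log.Println("Certificate was revoked.")

		if keep {
			// Skip archiving only. Returning here would end the command after
			// the first domain and leave the certificates of the remaining
			// domains unrevoked while still reporting success.
			continue
		}

		certsStorage.CreateArchiveFolder()

		err = certsStorage.MoveToArchive(domain)
		if err != nil {
			return err
		}

		log.Println("Certificate was archived for domain:", domain)
	}

	return nil
}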