2019-03-11 18:56:48 +02:00
|
|
|
package cmd
|
2018-12-06 23:50:17 +02:00
|
|
|
|
|
|
|
import (
|
2021-10-21 20:36:11 +02:00
|
|
|
"github.com/go-acme/lego/v4/acme"
|
2020-09-02 03:20:01 +02:00
|
|
|
"github.com/go-acme/lego/v4/log"
|
2022-02-13 13:28:51 +02:00
|
|
|
"github.com/urfave/cli/v2"
|
2018-12-06 23:50:17 +02:00
|
|
|
)
|
|
|
|
|
2022-02-13 13:28:51 +02:00
|
|
|
func createRevoke() *cli.Command {
|
|
|
|
return &cli.Command{
|
2018-12-06 23:50:17 +02:00
|
|
|
Name: "revoke",
|
|
|
|
Usage: "Revoke a certificate",
|
|
|
|
Action: revoke,
|
|
|
|
Flags: []cli.Flag{
|
2022-02-13 13:28:51 +02:00
|
|
|
&cli.BoolFlag{
|
|
|
|
Name: "keep",
|
|
|
|
Aliases: []string{"k"},
|
|
|
|
Usage: "Keep the certificates after the revocation instead of archiving them.",
|
2018-12-06 23:50:17 +02:00
|
|
|
},
|
2022-02-13 13:28:51 +02:00
|
|
|
&cli.UintFlag{
|
2023-01-08 15:53:15 +02:00
|
|
|
Name: "reason",
|
|
|
|
Usage: "Identifies the reason for the certificate revocation." +
|
|
|
|
" See https://www.rfc-editor.org/rfc/rfc5280.html#section-5.3.1." +
|
|
|
|
" Valid values are:" +
|
|
|
|
" 0 (unspecified), 1 (keyCompromise), 2 (cACompromise), 3 (affiliationChanged)," +
|
|
|
|
" 4 (superseded), 5 (cessationOfOperation), 6 (certificateHold), 8 (removeFromCRL)," +
|
|
|
|
" 9 (privilegeWithdrawn), or 10 (aACompromise).",
|
2021-10-21 20:36:11 +02:00
|
|
|
Value: acme.CRLReasonUnspecified,
|
|
|
|
},
|
2018-12-06 23:50:17 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func revoke(ctx *cli.Context) error {
|
|
|
|
acc, client := setup(ctx, NewAccountsStorage(ctx))
|
|
|
|
|
|
|
|
if acc.Registration == nil {
|
|
|
|
log.Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", acc.Email)
|
|
|
|
}
|
|
|
|
|
|
|
|
certsStorage := NewCertificatesStorage(ctx)
|
|
|
|
certsStorage.CreateRootFolder()
|
|
|
|
|
2022-02-13 13:28:51 +02:00
|
|
|
for _, domain := range ctx.StringSlice("domains") {
|
2018-12-06 23:50:17 +02:00
|
|
|
log.Printf("Trying to revoke certificate for domain %s", domain)
|
|
|
|
|
|
|
|
certBytes, err := certsStorage.ReadFile(domain, ".crt")
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
|
|
|
|
}
|
|
|
|
|
2021-10-21 20:36:11 +02:00
|
|
|
reason := ctx.Uint("reason")
|
|
|
|
|
|
|
|
err = client.Certificate.RevokeWithReason(certBytes, &reason)
|
2018-12-06 23:50:17 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Println("Certificate was revoked.")
|
|
|
|
|
|
|
|
if ctx.Bool("keep") {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
certsStorage.CreateArchiveFolder()
|
|
|
|
|
|
|
|
err = certsStorage.MoveToArchive(domain)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Println("Certificate was archived for domain:", domain)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|