Add: Deactivating an Authorization (7.5.2)

Question

Add: Deactivating an Authorization (7.5.2)

KalleDK opened this issue a year ago · 4 comments

What would you like to have changed?

Implementation of the 7.5.2 Deactivating an Authorization

Why is this feature a useful, necessary, and/or important addition to this project?

Not many clients provides this feature, but I would like to prevent redownload of a certificate incase the key should ever be compromised.

What alternatives are there, or what are you doing in the meantime to work around the lack of this feature?

I could create multiple accounts for my domains and thereby limit what each account can do

Answer 1 · 2024-02-18T03:04:58.000Z

Thanks for the request!

This is already implemented in CertMagic's ACME client library, ACMEz.

We just need to find a good API for it in CertMagic. Did you have something in mind?

Answer 2 · 2024-02-19T11:25:56.000Z

I would suggest on the ACMEManager, and then the fqdn.

Answer 3 · 2024-03-05T23:06:37.000Z

On second thought, are you sure this does what you think? It only prevents certificates from being authorized and issued, not downloaded. If they've already been issued you would need to revoke, in case of key compromise. And CertMagic already supports this.

(Going to close, but feel free to continue the discussion if necessary!)

Answer 4 · 2024-03-06T07:24:57.000Z

Yeah, I can see that it is ACMEz that I need to use. It was a special usecase where I could use this functionality. But I can see that I have to go another way to solve the problem, if you can infact redownload the cert.