Support revocation using the certificate's private key
mpalmer opened this issue · comments
ACME allows revocation by anyone in possession of the private key. Per the RFC, you put a jwk
in the protected header rather than a kid
, and sign the request with the private key of the certificate being revoked, rather than the account key. It would be very handy for me, at least, if acme-client
supported this use-case.
Cleaning up. I added revocation a while back.
Sorry, I'm still unable to determine how to revoke a certificate using the private key, rather than the account key. Would you mind giving me a pointer to the appropriate method? Acme::Client#revoke
only accepts a certificate, according to the source (of 2.0.16, at least).