caddyserver / certmagic

Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
https://pkg.go.dev/github.com/caddyserver/certmagic?tab=doc
Apache License 2.0

Add: Deactivating an Authorization (7.5.2) #265

Closed KalleDK closed 7 months ago

KalleDK commented 9 months ago

What would you like to have changed?

Implementation of 7.5.2, Deactivating an Authorization.

Why is this feature a useful, necessary, and/or important addition to this project?

Not many clients provide this feature, but I would like to prevent re-downloading a certificate in case the key should ever be compromised.

What alternatives are there, or what are you doing in the meantime to work around the lack of this feature?

I could create multiple accounts for my domains and thereby limit what each account can do.

mholt commented 7 months ago

Thanks for the request!

This is already implemented in CertMagic's ACME client library, ACMEz.

We just need to find a good API for it in CertMagic. Did you have something in mind?

KalleDK commented 7 months ago

I would suggest on the ACMEManager, and then the fqdn.

mholt commented 7 months ago

On second thought, are you sure this does what you think? It only prevents certificates from being authorized and issued, not downloaded. If they've already been issued you would need to revoke, in case of key compromise. And CertMagic already supports this.

(Going to close, but feel free to continue the discussion if necessary!)

KalleDK commented 7 months ago

Yeah, I can see that it is ACMEz that I need to use. It was a special use case where I could use this functionality. But I can see that I have to go another way to solve the problem, if you can in fact re-download the cert.