Open bruncsak opened 1 year ago
Reading RFC8555 there are two cases where Account B can revoke a certificate created by Account A:
Pebble implements (2), and I'm able to successfully revoke using that method:

```
certbot unregister -n
certbot revoke --cert-path /etc/letsencrypt/live/revoke.example.com/cert.pem \
--key-path /etc/letsencrypt/live/revoke.example.com/privkey.pem -n
```

What you're hitting, I think, is that Pebble does not implement (1):
I created a certificate with account A, but revoking the certificate with account B fails with the following error:

```json
{
  "type": "urn:ietf:params:acme:error:unauthorized",
  "detail": "The certificate being revoked is not associated with account \"1\"",
  "status": 403
}
```

(Of course, before trying to revoke, all required identifiers are authorized in account B.)

I interpret RFC8555 as saying that using a different account should be a permitted way to revoke a certificate. Is my interpretation incorrect?
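
The revocation authorization checks of RFC 8555 section 7.6 that this thread turns on, as an added Go sketch (not code from the issue or from Pebble): a request is accepted from the issuing account, from an account holding valid authorizations for every identifier in the certificate, or when it is signed with the certificate's own key. The `CA` type, `MayRevoke` and `sample` are hypothetical names, the data is constructed, and the JWS signature is assumed to have been verified already.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/x509"
	"fmt"
	"math/big"
)

// CA is a hypothetical in-memory store for this sketch, not Pebble's data model.
type CA struct {
	Issuer map[string]string          // certificate serial -> issuing account
	Authz  map[string]map[string]bool // account -> identifiers with valid authorizations
}

// MayRevoke applies the RFC 8555 section 7.6 checks; kid is the account from the JWS "kid" header, jwk the key from an embedded "jwk" header (nil if absent).
func (ca *CA) MayRevoke(cert *x509.Certificate, kid string, jwk crypto.PublicKey) (bool, string) {
	if jwk != nil { // signed with a bare key: it must be the certificate's own key
		pub, ok := cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
		return ok && pub.Equal(jwk), "certificate key"
	}
	if kid != "" && ca.Issuer[cert.SerialNumber.String()] == kid {
		return true, "issuing account"
	}
	ids := append([]string{}, cert.DNSNames...)
	for _, ip := range cert.IPAddresses {
		ids = append(ids, ip.String())
	}
	for _, id := range ids { // a different account needs every identifier authorized
		if !ca.Authz[kid][id] {
			return false, "no valid authorization for " + id
		}
	}
	return len(ids) > 0, "authorizations for all identifiers"
}

// sample returns constructed data: a certificate issued by account "A"; account "B" holds a valid authorization for its only name.
func sample(seed byte) (*CA, *x509.Certificate, crypto.PublicKey) {
	k := make([]byte, ed25519.SeedSize)
	k[0] = seed
	pub := ed25519.NewKeyFromSeed(k).Public()
	cert := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"revoke.example.com"}, PublicKey: pub}
	return &CA{map[string]string{"1": "A"}, map[string]map[string]bool{"B": {"revoke.example.com": true}}}, cert, pub
}

func main() {
	ca, cert, _ := sample(1)
	fmt.Println(ca.MayRevoke(cert, "B", nil)) // account B did not issue the certificate
}
```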