certbot icon indicating copy to clipboard operation
certbot copied to clipboard
verified publisher icon certbot

Revocation Reason Should be Requested

Open BenWilson-Mozilla opened this issue 2 years ago • 1 comments

Shouldn't Certbot request a reason code (especially for Key Compromise) before submitting a revocation request? My understanding is that default behavior doesn't ask whether the revocation is for key compromise or other reasons. That information should be passed on to the Let's Encrypt CRL.

BenWilson-Mozilla avatar Jan 23 '24 16:01 BenWilson-Mozilla

My understanding is that default behavior doesn't ask whether the revocation is for key compromise or other reasons.

Correct, the default reason is unspecified.

That information should be passed on to the Let's Encrypt CRL.

Users can use the --reason option to e.g. specify --reason keycompromise in combination with the revoke subcommand.

Note that Certbot currently is not affiliated any longer with Let's Encrypt, but is developed by the EFF :slightly_smiling_face:

Is your request that Certbot should always ask for a reason, if not provided by the user on the CLI?

osirisinferi avatar Jan 23 '24 21:01 osirisinferi