Requirements to revoke certificates issued by ACME account
Certificates that have been issued by an authorized ACME account can be revoked via the ACME protocol, as long as these requirements apply:
- Valid certificate
The certificate to be revoked must be valid. Protocol Gateway does not allow revocation of expired or already revoked certificates.
- Allowed reason codes
The following reason codes are allowed:
  - Unspecified (0)
  - KeyCompromise (1)
  - AffiliationChanged (3)
  - Superseded (4)
  - CessationOfOperation (5)
- Requested by an account
The revocation of a certificate can be requested by an authorized ACME account. These accounts are considered authorized for a certificate:
  - the account that issued the certificate
  - an account that holds authorizations for all of the domain names in the certificate
- Requested by the certificate's private key
The revocation of a certificate can be requested by signing the request with the private key corresponding to the public key in the certificate to revoke. This proves that the requester holds the private key, so the requester is considered the owner of the certificate.
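
The following client-side pre-flight check is an added example, not Protocol Gateway code. It applies the validity and reason-code requirements above and then builds the RFC 8555 revokeCert protected header and payload for either request type (`kid` for an account key, `jwk` for the certificate's key). The function names, the `ES256` default and all sample values are assumptions; whether a certificate is already revoked can only be decided by the server.

```python
import base64
import json
from datetime import datetime, timezone

# Reason codes this page lists as allowed.
ALLOWED_REASONS = {0: "Unspecified", 1: "KeyCompromise", 3: "AffiliationChanged",
                   4: "Superseded", 5: "CessationOfOperation"}


def b64url(data: bytes) -> str:
    """Base64url without padding, as used by JWS and ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_revocation(cert_der, not_before, not_after, reason, url, nonce,
                     account_url=None, cert_jwk=None, alg="ES256", now=None):
    """Return the unsigned (protected header, payload) of a revokeCert request.

    Exactly one of account_url (request signed by an account key) or
    cert_jwk (request signed by the certificate's private key) is required.
    """
    now = now or datetime.now(timezone.utc)
    if not (not_before <= now <= not_after):
        raise ValueError("certificate is outside its validity period")
    if reason not in ALLOWED_REASONS:
        raise ValueError(f"reason code {reason} is not allowed")
    if (account_url is None) == (cert_jwk is None):
        raise ValueError("choose either the account key or the certificate key")

    protected = {"alg": alg, "nonce": nonce, "url": url}
    if account_url is not None:
        protected["kid"] = account_url  # account key, named by its account URL
    else:
        protected["jwk"] = cert_jwk     # certificate key, public key embedded
    payload = {"certificate": b64url(cert_der), "reason": reason}
    return protected, payload


def signing_input(protected, payload) -> str:
    """JWS signing input: the string the chosen private key has to sign."""
    def enc(obj):
        return b64url(json.dumps(obj, separators=(",", ":")).encode())
    return enc(protected) + "." + enc(payload)
```
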